[ale] pam_ccred caching of user credentials for when network is down

Jim Kinney jim.kinney at gmail.com
Mon Nov 8 13:34:50 EST 2010


I looking at pam_ccred as a method to cache user authentication data for
if/when network is down/ldap pukes/ etc.
It uses a local database built from getent passwd/getent shadow data.

Does it cache ONLY the attempted-login user data or does is cache ALL user
data.

All user data would provide a local copy of the hash from shadow for attack
for ALL users. very bad.

I can't find any docs that discuss how limited this is. Any ideas?

-- 
-- 
James P. Kinney III
I would rather stumble along in freedom than walk effortlessly in chains.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20101108/ee918042/attachment.html 


More information about the Ale mailing list