Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
security
pam_schroedinger
pam_schroedinger.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File pam_schroedinger.spec of Package pam_schroedinger
# # spec file for package pam_schroedinger # # Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %if 0%{?suse_version} > 1230 %bcond_without systemd %else %bcond_with systemd %endif Name: pam_schroedinger Version: 0.2s Release: 0 License: GPL-3.0+ Summary: Uncertainty for brute forcers during login Url: https://github.com/stealth/pam_schroedinger Group: Productivity/Networking/Security Source: https://github.com/stealth/pam_schroedinger/archive/pam_schroedinger-0.2s.tar.gz Source1: pam_schroedinger.tmpfiles.d BuildRequires: gcc-c++ BuildRequires: pam-devel %if %{with systemd} BuildRequires: pkgconfig(systemd) %{?systemd_requires} %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %define _pamdir /%{_lib}/security/ %define _workdir /var/run/schroedinger %description pam_schroedinger prevents from dicitionary/brute-force attacks against PAM accounts by only returning PAM_SUCCESS if there was no previous login or attempt within a certain timeframe. In a common scenario, users do not authenticate more than once in a second. Everything else looks like a brute force. pam_schroedinger prevents PAM accounts from dictionary attacks much better than a sleep-based delay hardcoded in the authentication mechanism, as used today in su or sudo for example. The attacker will see no delay in his attack, but he will not see which login token succeeds, even if he tried the right one. So there is a certain uncertainty added to the login process so attackers can never be sure the cat is dead or alive. This is the opposite of pam_timestamp. %prep %setup -q -n %{name}-%{name}-%{version} %build make %{?_smp_mflags} DEFS="%{optflags}" %install install -D -m 0755 pam_schroedinger.so %{buildroot}%{_pamdir}/pam_schroedinger.so #install -D -m 0755 enabler %{buildroot}%{_sbindir}/pam_schroedinger_enabler %if %{with systemd} install -D -m 0644 %{S:1} %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf %else install -D -d -m 0750 %{buildroot}%{_workdir} %endif %post %if %{with systemd} systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf || true %endif %files %defattr(-,root,root) %doc README.md LICENSE.txt %{_pamdir}/pam_schroedinger.so %if %{with systemd} /usr/lib/tmpfiles.d/%{name}.conf %else %dir %{_workdir} %endif %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor