File pam_schroedinger.spec of Package pam_schroedinger

Overview Repositories Revisions Requests Users Attributes Meta

File pam_schroedinger.spec of Package pam_schroedinger

#
# spec file for package pam_schroedinger
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%if 0%{?suse_version} > 1230
%bcond_without systemd
%else
%bcond_with    systemd
%endif

Name:           pam_schroedinger
Version:        0.2s
Release:        0
License:        GPL-3.0+
Summary:        Uncertainty for brute forcers during login
Url:            https://github.com/stealth/pam_schroedinger
Group:          Productivity/Networking/Security
Source:         https://github.com/stealth/pam_schroedinger/archive/pam_schroedinger-0.2s.tar.gz
Source1:        pam_schroedinger.tmpfiles.d
BuildRequires:  gcc-c++
BuildRequires:  pam-devel
%if %{with systemd}
BuildRequires:  pkgconfig(systemd)
%{?systemd_requires}
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define _pamdir /%{_lib}/security/
%define _workdir /var/run/schroedinger
%description
pam_schroedinger prevents from dicitionary/brute-force attacks against PAM
accounts by only returning PAM_SUCCESS if there was no previous login or
attempt within a certain timeframe. In a common scenario, users do not
authenticate more than once in a second. Everything else looks like a brute
force. pam_schroedinger prevents PAM accounts from dictionary attacks much
better than a sleep-based delay hardcoded in the authentication mechanism, as
used today in su or sudo for example. The attacker will see no delay in his
attack, but he will not see which login token succeeds, even if he tried the
right one. So there is a certain uncertainty added to the login process so
attackers can never be sure the cat is dead or alive. This is the opposite of
pam_timestamp.

%prep
%setup -q -n %{name}-%{name}-%{version}

%build
make %{?_smp_mflags} DEFS="%{optflags}"

%install
install -D -m 0755 pam_schroedinger.so %{buildroot}%{_pamdir}/pam_schroedinger.so
#install -D -m 0755 enabler             %{buildroot}%{_sbindir}/pam_schroedinger_enabler
%if %{with systemd}
install -D -m 0644 %{S:1} %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf
%else
install -D -d -m 0750 %{buildroot}%{_workdir}
%endif

%post
%if %{with systemd}
systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf || true
%endif

%files
%defattr(-,root,root)
%doc README.md LICENSE.txt
%{_pamdir}/pam_schroedinger.so
%if %{with systemd}
/usr/lib/tmpfiles.d/%{name}.conf
%else
%dir %{_workdir}
%endif

%changelog

Places

File pam_schroedinger.spec of Package pam_schroedinger

Places