07-Nov-2009, 10:14 AM
Guenther Schwarz

pam_ldap: pam_groupdn inhibit error message

I want to restrict access to a machine to LDAP users with a specific
group membership.
So in /etc/ldap.conf:
pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com

And in /etc/pam.d/common-auth:
auth required pam_env.so
auth sufficient pam_unix2.so
auth required pam_ldap.so

Now users within the group PAM are authorized, while users not known to
the LDAP server are asked for a password. Users known to LDAP without
the group membership are rejected with the message:
You must be a uniquemember of cn=PAM,ou=Groups,dc=example,dc=com

My question: is it possible to inhibit this error message? It gives an
attacker the information that a user name is known to the system. This
is highly unwanted in this case.

Günther
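The enumeration oracle the post describes, as an added example that is not code from the original post or from pam_ldap itself: a Python model of a group-gated login in two variants. The first mirrors the behaviour reported above (the user entry is found, then a non-member gets the distinct "uniquemember" error; this example assumes that error is returned whatever password was supplied). The second folds the group restriction into the user lookup, which is the effect of constraining the LDAP user search itself rather than checking the group afterwards, so a known non-member and an unknown name produce the same response. A small attacker-side check then shows which variant leaks. The directory, group, DNs and passwords are constructed sample data.

```python
# Added example (not code from the original post or from pam_ldap).
# Models the username-enumeration oracle in the post: a group gate that
# answers with a membership-specific error, beside a variant that folds
# the group restriction into the user lookup so every failure looks the
# same. The directory, group and passwords are constructed sample data.
import hashlib
import hmac
from dataclasses import dataclass

GROUP_DN = "cn=PAM,ou=Groups,dc=example,dc=com"
GENERIC_FAILURE = "Authentication failure"
_SALT = b"constructed-salt"


def _hash(password: str) -> bytes:
    """Toy password hashing for the constructed directory (not how LDAP stores userPassword)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)


# Constructed directory: uid -> (DN, password hash).
PEOPLE = {
    "alice": ("uid=alice,ou=People,dc=example,dc=com", _hash("correct horse")),
    "bob": ("uid=bob,ou=People,dc=example,dc=com", _hash("battery staple")),
}
# Constructed group: only alice is a uniqueMember of cn=PAM.
GROUPS = {GROUP_DN: {"uniqueMember": {PEOPLE["alice"][0]}}}


@dataclass(frozen=True)
class Result:
    ok: bool
    message: str


def _bind(password: str, stored: bytes) -> bool:
    """Stand-in for the LDAP bind: constant-time compare of the password hash."""
    return hmac.compare_digest(_hash(password), stored)


def auth_groupdn_leaky(user: str, password: str) -> Result:
    """Behaviour described in the post: once the user entry is found, the
    pam_groupdn check fails with a distinct error for non-members.
    Assumption of this example: that error is emitted regardless of the
    password supplied, which is what makes it usable as an oracle."""
    entry = PEOPLE.get(user)
    if entry is None:
        return Result(False, GENERIC_FAILURE)  # unknown name: generic failure
    dn, stored = entry
    if dn not in GROUPS[GROUP_DN]["uniqueMember"]:
        # Leaks "this user exists" to anyone who can type the name.
        return Result(False, f"You must be a uniquemember of {GROUP_DN}")
    if not _bind(password, stored):
        return Result(False, GENERIC_FAILURE)
    return Result(True, "Success")


def auth_filtered(user: str, password: str) -> Result:
    """Hardened variant: the group restriction is part of the user lookup
    (the analogue of constraining the LDAP user search filter), so a
    non-member is treated exactly like an unknown name, and every failure
    path returns the same message."""
    entry = PEOPLE.get(user)
    if entry is None or entry[0] not in GROUPS[GROUP_DN]["uniqueMember"]:
        return Result(False, GENERIC_FAILURE)
    _dn, stored = entry
    if not _bind(password, stored):
        return Result(False, GENERIC_FAILURE)
    return Result(True, "Success")


def enumerate_oracle(auth, candidates, probe_password="definitely-wrong") -> set:
    """Attacker's check: one bogus password per candidate; report every name
    whose response differs from the baseline for a name that cannot exist."""
    baseline = auth("no-such-user-zz9", probe_password).message
    return {u for u in candidates if auth(u, probe_password).message != baseline}


if __name__ == "__main__":
    names = ["alice", "bob", "carol"]
    print("leaky   :", sorted(enumerate_oracle(auth_groupdn_leaky, names)))  # ['bob']
    print("hardened:", sorted(enumerate_oracle(auth_filtered, names)))       # []
```

The probe deliberately uses a wrong password, so in the leaky variant it surfaces exactly the class the post is worried about: names that exist in the directory but are not in the group. Group members answering a wrong password still look like unknown users, which is why the distinct message, not the group check itself, is the problem. The same probe against the hardened variant returns nothing, because the only remaining signal (success versus failure) requires the correct password.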
© 2007 Novell, Inc. All Rights Reserved.