using 'auth optional pam_google_authenticator.so' instead of 'auth required pam_google_authenticator.so' accepts any string of numbers #21
Comments
|
Comment #1 originally posted by nunojpg on 2011-01-15T18:16:08.000Z: Why do you expect it do deny access? |
|
Comment #2 originally posted by voyager.106 on 2011-01-18T19:48:37.000Z: Thanks for the reply. I chose optional because I misunderstood. Using the original PAM code, when I chose required, and someone tried logging in who didn't have their account set up for TFA, they weren't offered a verification prompt, but they were never allowed in, even when putting in their proper password. So I assumed 'required' meant that you were required to have your account set up for TFA, and if not, you weren't allowed in. By changing it to optional, I thought it would fix the issue so that if your account weren't set up for TFA, it would allow you in with just your password. I came to find out a few days later that it was actually a bug that was fixed with a patch. When I applied the patch and rebuilt the PAM module from it, I was able to set it for 'required' and then when someone tried logging in without TFA set up, they were then allowed to get in with just their password. |
|
Comment #3 originally posted by brian@microcomaustralia.com.au on 2011-02-16T03:20:46.000Z: See bug # 27. |
|
Comment #4 originally posted by markus@google.com on 2011-03-09T20:25:43.000Z: <empty> |
Original issue 21 created by voyager.106 on 2010-12-15T21:09:21.000Z:
What steps will reproduce the problem?
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
The text was updated successfully, but these errors were encountered: