Current-Users archive


Re: blacklistd is now available for current (comments?)



On Jan 20, 10:22pm, Brook Milligan wrote:
}
} Interesting coincidence; I was just exploring sshguard as a means
} to accomplish similar goals this weekend.
} 
} On Jan 20, 2015, at 7:54 PM, Christos Zoulas wrote:
} > This package contains a library that can be used by network daemons to
} > communicate with a packet filter via a daemon to enforce opening and
} > closing ports dynamically based on policy.
} 
} Having the daemons directly record the outcome of their authentication
} seems preferable to groveling through log entries as, for example,
} sshguard does.  However, that requires modification of the relevant
} daemons and is in that sense more intrusive.
} 
} Is your idea to modify (or encourage modification of) a broad
} array of daemons that might benefit from this?  I'm thinking,
} for example, of daemons responsible for IMAP mail delivery and
} other such things that require credentials.  Is this something
} that can be added to PAM and thereby avoid being so intrusive on
} the daemons themselves?

     PAM wouldn't have access to the socket, so no, it wouldn't be
that easy to add.  Also, PAM is primarily for things that do
interactive logins; IMAP should really be using SASL.  However, that
would probably have the same problem of not having access to the
socket.

}-- End of excerpt from Brook Milligan
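
The point in the reply above about access to the socket, as an added example that is not part of the original message and is not blacklistd code: the remote address and the local service port of a connection are read from the connected descriptor, so code that is never handed that descriptor cannot report them. The names conn_id, conn_id_from_fd and demo_accept are hypothetical, and the loopback connection is constructed for the demonstration.

```c
/* Added illustration: conn_id, conn_id_from_fd and demo_accept are hypothetical names. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
struct conn_id {                       /* endpoints a filter rule is keyed on */
    char remote_ip[INET_ADDRSTRLEN];
    in_port_t remote_port, local_port;
};

/* Read both endpoints from a connected IPv4 socket; -1 if fd is unusable. */
int conn_id_from_fd(int fd, struct conn_id *out)
{
    struct sockaddr_in peer, self;
    socklen_t plen = sizeof(peer), slen = sizeof(self);
    if (getpeername(fd, (struct sockaddr *)&peer, &plen) == -1 ||
        getsockname(fd, (struct sockaddr *)&self, &slen) == -1 ||
        peer.sin_family != AF_INET ||
        !inet_ntop(AF_INET, &peer.sin_addr, out->remote_ip, sizeof(out->remote_ip)))
        return -1;
    out->remote_port = ntohs(peer.sin_port);
    out->local_port = ntohs(self.sin_port);
    return 0;
}

/* Constructed loopback connection: returns the daemon-side fd, client fd in *cli. */
int demo_accept(int *cli)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof(a);
    int srv, lis = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (lis == -1 || bind(lis, (struct sockaddr *)&a, sizeof(a)) == -1 ||
        listen(lis, 1) == -1 || getsockname(lis, (struct sockaddr *)&a, &alen) == -1)
        return -1;
    if ((*cli = socket(AF_INET, SOCK_STREAM, 0)) == -1 ||
        connect(*cli, (struct sockaddr *)&a, sizeof(a)) == -1)
        return -1;
    srv = accept(lis, NULL, NULL);
    close(lis);
    return srv;
}

int main(void)
{
    struct conn_id id;
    int cli, ok = conn_id_from_fd(demo_accept(&cli), &id) == 0;
    if (ok) printf("peer %s:%d -> local port %d\n", id.remote_ip, id.remote_port, id.local_port);
    return !ok;
}
```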

