undefined | Better HN

0 pointsonraglanroad4d ago0 comments

No, it's very simple. Do what I said in my comment. Add nodelay to the options for pam_unix.so and set pam_faildelay.so delay=0

That's it. You didn't link to any issue and the weird mistakes and justifications you're making feels like arguing with an LLM.

You obviously can't run unix_chkpwd against a local account without root.

0 comments

timhh4d ago

> You obviously can't run unix_chkpwd against a local account without root.

Wrong. At least check before you say something is obvious.

> No, it's very simple.

Even more wrong: https://github.com/linux-pam/linux-pam/issues/778#issuecomme...

> feels like arguing with an LLM

I could say the same about you, repeatedly and confidently asserting falsehoods.

onraglanroadOP4d ago

No, I'm right. You can't run unix_chkpwd against a local account without root because you won't be able to access /etc/shadow to get the hash. If you think you can, explain how. Otherwise you have to use the setuid version which won't let you run it directly.

And I just removed the delay using my method. Perhaps try checking something yourself?

timhh4d ago

I don't understand how you can be so confidently wrong about something so easily checked. :D

> You can't run unix_chkpwd against a local account without root because you won't be able to access /etc/shadow to get the hash.

unix_chkpwd can access /etc/shadow because it is suid.

> Otherwise you have to use the setuid version which won't let you run it directly.

Haha you mean this?

  $ unix_chkpwd
  This binary is not designed for running in this way
  -- the system administrator has been informed

Take a look at the source code I linked about 6 comments ago!

> Perhaps try checking something yourself?

I have. You haven't.

  printf 'hunter2\0' | unix_chkpwd yourusername nullok; echo $?

j / k navigate · click thread line to collapse

0 comments

timhh4d ago

> You obviously can't run unix_chkpwd against a local account without root.

Wrong. At least check before you say something is obvious.

> No, it's very simple.

Even more wrong: https://github.com/linux-pam/linux-pam/issues/778#issuecomme...

> feels like arguing with an LLM

I could say the same about you, repeatedly and confidently asserting falsehoods.

onraglanroadOP4d ago

And I just removed the delay using my method. Perhaps try checking something yourself?

timhh4d ago

I don't understand how you can be so confidently wrong about something so easily checked. :D

> You can't run unix_chkpwd against a local account without root because you won't be able to access /etc/shadow to get the hash.

unix_chkpwd can access /etc/shadow because it is suid.

> Otherwise you have to use the setuid version which won't let you run it directly.

Haha you mean this?

  $ unix_chkpwd
  This binary is not designed for running in this way
  -- the system administrator has been informed

Take a look at the source code I linked about 6 comments ago!

> Perhaps try checking something yourself?

I have. You haven't.

  printf 'hunter2\0' | unix_chkpwd yourusername nullok; echo $?

j / k navigate · click thread line to collapse