Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 317659 - sys-auth/pambase add pam_abl support
Summary: sys-auth/pambase add pam_abl support
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Lowest enhancement (vote)
Assignee: Mikle Kolyada (RETIRED)
URL: http://www.hexten.net/pam_abl/
Whiteboard:
Keywords: NeedPatch
Depends on:
Blocks:
 
Reported: 2010-04-28 18:32 UTC by Sergio Bevilacqua
Modified: 2020-06-09 18:02 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
ebuild diff (pam_abl.diff,228 bytes, patch)
2010-04-28 18:34 UTC, Sergio Bevilacqua 		Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sergio Bevilacqua 2010-04-28 18:32:42 UTC 
pam_abl provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts

Reproducible: Always
Comment 1 Sergio Bevilacqua 2010-04-28 18:34:20 UTC 
Created attachment 229555 [details, diff]
ebuild diff

added abl use flag at the openssh ebuild
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2010-04-28 21:44:55 UTC 
Erm, so the only thing you're changing is setting a USE flag to automatically depend on another package? Isn't it sufficient to just emerge the package itself instead of requiring other packages to pull it in, or does the openssh ebuild then configure and compile in support for pam_abl? In the latter case, the econf call should be changed accordingly and your diff (which should preferably be a unified diff, by the way) would be only half the work.
Comment 3 Sergio Bevilacqua 2010-04-29 06:40:07 UTC 
the only required step is to add the following line to /etc/pam.d/system-auth
auth 	 required 	 /lib/security/pam_abl.so config=/etc/security/pam_abl.conf

no other steps are required
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-04-29 12:20:04 UTC 
No you definitely *don't* want to add this to OpenSSH. I'll take it as a pambase feaure request but very _very_ low on priority for now if you don't mind.
Comment 5 Gilles Dartiguelongue (RETIRED) gentoo-dev 2010-11-08 13:06:57 UTC 
FTR, I'm having this setup on my router:

system-remote-login:auth                required        pam_abl.so config=/etc/security/pam_abl.conf
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-08 13:16:41 UTC 
I'm integrating this already in the new m4 branch of pambase.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-06-09 18:02:07 UTC 
Hmmm, rather not.