I am still seeing this problem in the version of courier included in
sarge. Courier seems to happily ignore the result of the pam check and
continue anyway (when using the pam_tally module).
I would suggest that this warrants the security tag and a security
update as it allows a user to try to crack passwords with a brute-force
approach even if countermeasures (i.e. pam-tally) is in place.
This bug should probably be reassigned to courier-authdaemon
since I have the feeling that it is responsible for the pam
conversation. See also bug 256231 for related pam problems.
Re,
David
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
