openSUSE is in many ways a great security-oriented distro, but I find it lacking in a few places.
One such place that I would like to see openSUSE improve is in the area of login security.
I recently proposed an idea in the brainstorm section of KDE’s forum regarding the fact that you can make unlimited login attempts from a locked KDE screen and by default nothing prevents this. Furthermore, you can switch to a terminal from a locked screen and attempt a brute force attack there.
I have an encrypted hard drive, but once it is decrypted, my computer does have some weaknesses. Before I discovered PAM you could attempt to log in to my user account or root account with no limit as to how many times you could try. This was true for an SSH session as well. This was how openSUSE handled logins by default on my 11.2 install.
So the reason I started this thread was to find out if anyone knew of any plan or openFATE request to create a GUI for PAM that would make the use of PAM much easier. As it is now, PAM can be very difficult to implement.
What I would like to see is a program built into openSUSE that manages the security protocols of all login types: Root, User, SSH, KDM/GDM, etc. It should allow the user to set maximum password attempts, times logins are allowed, how long logins last, etc.
If there is already a plan to implement such security features or if there is already a user-friendly way to handle PAM in openSUSE, please let me know.
If not, it would be nice to get a few users' opinions of PAM and where they would like to see it implemented and how.
After getting a little feedback and a few opinions I plan to create a new openFATE request, so if you have some experience with PAM or any specific implementation you would like to see, then please post here.
Thanks.