Any GUI for PAM planned for openSUSE?

openSUSE is in many ways a great security-oriented distro, but I find it lacking in a few places.

One such place that I would like to see openSUSE improve is in the area of login security.

I recently proposed an idea in the brainstorm section of KDE’s forum regarding the fact that you can make unlimited login attempts from a locked KDE screen and by default nothing prevents this. Furthermore you can switch to a terminal from a locked screen and attempt a brute force attack there.

I have an encrypted hard drive, but once it is decrypted, my computer does have some weaknesses. Before I discovered PAM you could attempt to log in to my user account or root account with no limit as to how many times you could try. This was true for an SSH session as well. This was how openSUSE handled logins by default on my 11.2 install.

So the reason I started this thread was to find out if anyone knew of any plan or openFATE request to create a GUI for PAM that would make the use of PAM much easier. As it is now, PAM can be very difficult to implement.

What I would like to see is a program built into openSUSE that manages the security protocols of all login types: Root, User, SSH, KDM/GDM, etc. It should allow the user to set maximum password attempts, times logins are allowed, how long logins last, etc.

If there is already a plan to implement such security features or if there is already a user-friendly way to handle PAM in openSUSE, please let me know.

If not, it would be nice to get a few users' opinions of PAM and where they would like to see it implemented and how.

After getting a little feedback and a few opinions I plan to create a new openFATE request, so if you have some experience with PAM or any specific implementation you would like to see, then please post here.

Thanks.

Kinda the wrong place to ask as in planned for…

In regards to an actual one I noticed webmin has one. Now this then progressed my thinking to a yast module. So …

So how webmin handles this ([Webmin pam module src](http://webadmin.cvs.sourceforge.net/viewvc/webadmin/webmin/pam/)) and from my brief look a lot more complicated than using yast module devel tools. ([Yast sshd config module tut](http://chorgan.provo.novell.com//yast/doc/SL11.0/tutorials/t1.html))

It looks relatively trivial to me but alas I guess I’m saying it’s your itch, why don’t you scratch it? Perhaps the yast team will incorporate it in the next release (though I think you may miss 11.3 unless you code it very quickly :wink: iirc the freeze is soon).

My tuppence don’t spend it all at once.

Wrong place to ask, maybe, but then where is the right place to ask it?

Anyway, I am not a developer and do not have the skills needed to create something like this.

After lots of reading and trial and error I have PAM configured to my liking on my system, however it was a pain in the ass. For a lot of users it probably isn’t worth the trouble. Having something like this is pretty important for users concerned with security.

If anywhere, it would probably be the yast mailing list. Wouldn’t hold your breath, anyone concerned with security would be using an enterprise distro. You’re hoping for someone with the same itch as you.

I can’t say I’m a coder but I would say that using the yast devel module tools should take the pain out of it from the brief look at the tut. Got to be easier than trying to read the PAM documentation anyway.