Improve configuration example in README to improve security
Closed this issue · 2 comments
baszoetekouw commented
With the pam config as specified in README, a user who has a working password is always able to log in, even when he enters the wrong pin or pam-weblogin fails in some other way.
I assume the pam config should be adjusted a bit more; simply adding sufficient pam-weblogin isn't enough.
HarryKodden commented
Solution is to specify:
auth [success=done ignore=ignore default=die] pam_weblogin.so /etc/pam-weblogin.conf
baszoetekouw commented
@HarryKodden Can you add/adjust this in the documentation?
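The difference between the two control values discussed in this thread, as an added example that is not part of the original issue or the project's code: a simplified Python model of how Linux-PAM evaluates an auth stack. It assumes pam_weblogin is followed by a `required` pam_unix line (the README's full stack is not shown here) and models only the ok/done/bad/die/ignore actions.

```python
# Simplified model of Linux-PAM auth stack evaluation (illustrative, not libpam itself).
SHORTHAND = {
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
}

# Assumed stacks: only the pam_weblogin control differs; pam_unix is an assumption.
README_STYLE = [("sufficient", "pam_weblogin"), ("required", "pam_unix")]
FIXED = [("[success=done ignore=ignore default=die]", "pam_weblogin"),
         ("required", "pam_unix")]

def parse_control(control):
    """Turn 'sufficient' or '[success=done default=die]' into {return_code: action}."""
    if control in SHORTHAND:
        return SHORTHAND[control]
    return dict(pair.split("=", 1) for pair in control.strip("[]").split())

def authenticate(stack, results):
    """stack: [(control, module)]; results: {module: return code}. True = login allowed."""
    impression, status = None, "success"  # None = no module has voted yet
    for control, module in stack:
        retval = results[module]
        actions = parse_control(control)
        action = actions.get(retval, actions["default"])
        if action in ("ok", "done"):
            # A positive vote only counts if nothing has failed before it.
            if impression is None or (impression == "positive" and status == "success"):
                impression, status = "positive", retval
            if impression == "positive" and action == "done":
                break  # stop here, later modules are not consulted
        elif action in ("bad", "die"):
            if impression != "negative":
                impression, status = "negative", retval
            if action == "die":
                break  # fail immediately, pam_unix never runs
        # action == "ignore": this module's result does not count either way
    return impression == "positive" and status == "success"

if __name__ == "__main__":
    # Constructed case: wrong pin in pam_weblogin, correct password in pam_unix.
    wrong_pin = {"pam_weblogin": "auth_err", "pam_unix": "success"}
    print("sufficient:", authenticate(README_STYLE, wrong_pin))
    print("success=done ... default=die:", authenticate(FIXED, wrong_pin))
```

With `sufficient`, a pam_weblogin failure is ignored and the password check alone decides; with `default=die` the same failure ends the stack, while `ignore=ignore` still lets evaluation continue when the module returns PAM_IGNORE.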