Source-Changes-HG archive


[src/trunk]: src/lib/libpam/modules/pam_krb5 Add a SECURITY CONSIDERATIONS se...



details:   https://anonhg.NetBSD.org/src/rev/33fd2ea52db3
branches:  trunk
changeset: 574406:33fd2ea52db3
user:      thorpej <thorpej%NetBSD.org@localhost>
date:      Sun Feb 27 21:33:02 2005 +0000

description:
Add a SECURITY CONSIDERATIONS section.

diffstat:

 lib/libpam/modules/pam_krb5/pam_krb5.8 |  13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diffs (24 lines):

diff -r 90ec34cb7d32 -r 33fd2ea52db3 lib/libpam/modules/pam_krb5/pam_krb5.8
--- a/lib/libpam/modules/pam_krb5/pam_krb5.8    Sun Feb 27 21:32:46 2005 +0000
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.8    Sun Feb 27 21:33:02 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: pam_krb5.8,v 1.4 2005/02/26 15:02:15 thorpej Exp $
+.\" $NetBSD: pam_krb5.8,v 1.5 2005/02/27 21:33:02 thorpej Exp $
 .\" $FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.8,v 1.6 2001/11/24 23:41:32 dd Exp $
 .Dd January 15, 1999
 .Dt PAM_KRB5 8
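Review bot: the `.Dd January 15, 1999` context line in this hunk stays untouched even though this revision adds a new section to the page. Please bump the document date in the same commit as the $NetBSD$ ID, so a reader of the rendered manual can tell that the content changed in 2005.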
@@ -210,3 +210,14 @@
 and
 .Fn pam_end
 when using the Kerberos 5 PAM module.
+.Sh SECURITY CONSIDERATIONS
+The
+.Nm
+module implements what is fundamentally a password authentication scheme.
+It does not use a Kerberos 5 exchange between client and server, but rather
+authenticates the password provided by the client against the Kerberos KDC.
+Therefore, care should be taken to only use this module over a secure session
+.Po
+secure TTY, encrypted session, etc.
+.Pc ,
+otherwise the user's Kerberos 5 password could be compromised.
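Review bot: the last sentence of the new section is a comma splice (`.Pc ,` followed by `otherwise the user's Kerberos 5 password could be compromised.`), and "care should be taken to only use" reads weaker than the risk it describes. Suggest "this module should only be used over a secure session", with `.Pc ;` before "otherwise". The parenthetical "secure TTY, encrypted session, etc." is also open-ended; since the text already says the module checks the password provided by the client, it would help to state plainly that it is the path carrying that password to the module which has to be protected.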


