Add a SECURITY CONSIDERATIONS section.

2005-02-27 21:33:02 +00:00 · 2005-02-27 21:33:02 +00:00 · a4e3f97482
commit a4e3f97482
parent 80ea74d85d
1 changed files with 12 additions and 1 deletions
--- a/lib/libpam/modules/pam_krb5/pam_krb5.8
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.8
@ -1,4 +1,4 @@
-.\" $NetBSD: pam_krb5.8,v 1.4 2005/02/26 15:02:15 thorpej Exp $
+.\" $NetBSD: pam_krb5.8,v 1.5 2005/02/27 21:33:02 thorpej Exp $
 .\" $FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.8,v 1.6 2001/11/24 23:41:32 dd Exp $
 .Dd January 15, 1999
 .Dt PAM_KRB5 8
@ -210,3 +210,14 @@ more than once between calls to
 and
 .Fn pam_end
 when using the Kerberos 5 PAM module.
+.Sh SECURITY CONSIDERATIONS
+The
+.Nm
+module implements what is fundamentally a password authentication scheme.
+It does not use a Kerberos 5 exchange between client and server, but rather
+authenticates the password provided by the client against the Kerberos KDC.
+Therefore, care should be taken to only use this module over a secure session
+.Po
+secure TTY, encrypted session, etc.
+.Pc ,
+otherwise the user's Kerberos 5 password could be compromised.