[libpam-opie] pam_opie.so does not lock user

Hello,

on a debian lenny system with installed and configured libpam-opie you
can have more then one session at a time to attempt to authenticate a
user. Meaning /etc/opielocks/ is not used. So race attacks on OTP are
possible.

Is that a bug in the old package or a misconfiguration on my part?

thanks,

PJ


--
To UNSUBSCRIBE, email to debian-user-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...