pam_tally: unknown option

Vasudeva R rachamad at gmail.com
Tue Jun 17 15:35:37 UTC 2008


 unlock_time=600 option is invalid in pam-0.77-65.1.

You have to download latest PAM version. Otherwise you can write crontab for
unlocking after 30 minutes by seeing faillog output.

Ex: using awk and crontab you can do this

faillog | grep -v Username | awk '$2>5{system("printf "$1":"$2":; date +%s
-d \""$5" "$6" "$7"\"")}' | \
awk -F: '1800 < (systime()-$3){print $1; print "User "$1" no longer
locked-out: "strftime("%D-%H:%M:%S") >> "/var/log/faillog
clear"}' | \
xargs -i faillog -u {} -r

Let me know if it helps for you.

Regards,
Vasu



On Mon, Jun 16, 2008 at 3:34 PM, Vasudeva R <rachamad at gmail.com> wrote:

>
> Hi Monu,
>
> Try with following lines. It is working for me without any problem.
>
> auth        required      pam_tally.so onerr=fail no_magic_root
>
> account     required    pam_tally.so per_user deny=5 no_magic_root reset
>
> Let me know.
>
> Regards,
> Vasudeva
>
>
> RE: pam_tally: unknown option
> ------------------------------
>
>    - *From*: "Monu Agrawal" <monuindia gmail com>
>    - *To*: pam-list redhat com
>    - *Subject*: RE: pam_tally: unknown option
>    - *Date*: Tue, 17 Jun 2008 00:43:57 +0530
>
> ------------------------------
>
> Thanks Joe, but as per documents, deny and unlock_time are auth options,
> not thee account options. When I changed the config as you mentioned:
>
> account     required      pam_tally.so deny=2
>
> the error "unknown option deny" stopped coming but it didn't make any
> difference in the time it waits after wrong passwd, even if I make it 20.
> The version, I can't change because of some dependency reasons.
>
>
>
>
> --
> Regards,
> Vasudeva R
>
> Alternate mail id: rvasu_deva at hotmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20080617/ae5d202d/attachment.htm>


More information about the Pam-list mailing list