[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tally: unknown option

unlock_time=600 option is invalid in pam-0.77-65.1.

You have to download latest PAM version. Otherwise you can write crontab for unlocking after 30 minutes by seeing faillog output.

Ex: using awk and crontab you can do this

faillog | grep -v Username | awk '$2>5{system("printf "$1":"$2":; date +%s -d \""$5" "$6" "$7"\"")}' | \
awk -F: '1800 < (systime()-$3){print $1; print "User "$1" no longer locked-out: "strftime("%D-%H:%M:%S") >> "/var/log/faillog
clear"}' | \
xargs -i faillog -u {} -r

Let me know if it helps for you.


On Mon, Jun 16, 2008 at 3:34 PM, Vasudeva R <rachamad gmail com> wrote:

Hi Monu,

Try with following lines. It is working for me without any problem.

auth        required      pam_tally.so no_magic_root

account     required    pam_tally.so per_user deny=5 no_magic_root reset

Let me know.


RE: pam_tally: unknown option

  • From: "Monu Agrawal" <monuindia gmail com>
  • To: pam-list redhat com
  • Subject: RE: pam_tally: unknown option
  • Date: Tue, 17 Jun 2008 00:43:57 +0530

Thanks Joe, but as per documents, deny and unlock_time are auth options, not thee account options. When I changed the config as you mentioned:

account     required      pam_tally.so deny=2

the error "unknown option deny" stopped coming but it didn't make any difference in the time it waits after wrong passwd, even if I make it 20. The version, I can't change because of some dependency reasons.

Vasudeva R

Alternate mail id: rvasu_deva hotmail com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]