<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I'm trying to use pam_tally to lock a user out 
after three unsuccessful attempts.  I can't get it to work.  My login 
file in /etc/pam.d is as follows:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>auth    required    
/lib/security/pam_securetty.so</FONT></DIV>
<DIV><FONT face=Arial size=2>auth    required    
/lib/security/pam_nologin.so</FONT></DIV>
<DIV><FONT face=Arial size=2>auth    required    
/lib/security/pam_tally.so deny=3 reset</FONT></DIV>
<DIV><FONT face=Arial size=2>auth    required    
/lib/security/pam_stack.so service=system-auth</FONT></DIV>
<DIV><FONT face=Arial size=2>account    
required    /lib/security/pam_tally.so deny=3 reset</FONT></DIV>
<DIV><FONT face=Arial size=2>account    
required    /lib/security/pam_stack.so 
service=-system-auth</FONT></DIV>
<DIV><FONT face=Arial size=2>password    required 
    /lib/security/pam_tally.so deny=3 reset</FONT></DIV>
<DIV><FONT face=Arial size=2>password    
required    /lib/security/pam_stack.so 
service=system-auth</FONT></DIV>
<DIV><FONT face=Arial size=2>session    
required    /lib/security/pam_stack.so 
service=system-auth</FONT></DIV>
<DIV><FONT face=Arial size=2>session    
required    /lib/security/pam_console.so</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Is pam_pwdb the module to keep passwords from being 
reused?  How would I set that up?</FONT></DIV></BODY></HTML>