[augeas-devel] adding pam_tally to system-auth
David Robinson
zxvdr.au at gmail.com
Fri Jun 5 11:22:58 UTC 2009
Hi all,
I'm trying to use augeas to setup pam_tally, but have run into a few problems.
I'm doing this (there's 14 entries in the file, 15 adds a new one:
set /files/etc/pam.d/system-auth/15/type auth
set /files/etc/pam.d/system-auth/15/control required
set /files/etc/pam.d/system-auth/15/module pam_tally.so
set /files/etc/pam.d/system-auth/15/argument[1] onerr=fail
set /files/etc/pam.d/system-auth/15/argument[2] deny=6
set /files/etc/pam.d/system-auth/15/argument[3] unlock_time=300
save
Which gives:
--- system-auth.augsave 2009-05-20 13:49:53.000000000 +0000
+++ system-auth 2009-06-05 11:15:45.000000000 +0000
@@ -18,3 +18,4 @@
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
+auth required pam_tally.so onerr=fail deny=6 unlock_time=300
But I want the line to appear with all the other auth stuff, eg:
--- system-auth.augsave 2009-05-20 13:49:53.000000000 +0000
+++ system-auth.correct 2009-06-05 11:32:55.000000000 +0000
@@ -5,6 +5,7 @@
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
+auth required pam_tally.so onerr=fail deny=6 unlock_time=300
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
How can I insert a line into the middle of a file, and how can I find
where in the file it should be inserted?
The system-auth file is just the standard one from RHEL5:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
--Dave
More information about the augeas-devel
mailing list