[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Password expiration and pam_tally questions



On Thu, 17 Aug 2000, Michael A. Dietz wrote:

OK, I figured it out, it was RTFM !
see below..

> I am having problems with pam_tally not working for ssh,ftp, telnet.  I am
> using pam-0.72 on RedHat 6.2, telnet-server-0.16-6.rpm,
> openssh-server-2.1.1p2, and proftpd-1.2.0.  I know openssh and proftpd are
> compiled with pam support, the redhat telnet server I don't know, although
> it claims to run /bin/login by default.
> 
> The only thing it appears to work with is login, although I modified the
> sshd and ftp file the same as login below:
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_tally.so
auth	    required	/lib/security/pam_tall.so no_magic_root
> auth       required     /lib/security/pam_pwdb.so shadow nullok
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_tally.so deny=5 reset
account	    required	/lib/security/pam_tally.so no_magic_root deny=5 
reset
> account    required     /lib/security/pam_pwdb.so
> password   required     /lib/security/pam_cracklib.so
> password   required     /lib/security/pam_pwdb.so nullok use_authtok md5
> shadow
> session    required     /lib/security/pam_pwdb.so
> session    optional     /lib/security/pam_console.so
> 
> So if telnetd runs /bin/login, how come if I run /bin/login as a user the
> tally function works, but if I login via telnet it doesn't ?  Also, is
> there some kind of sshd bug I don't know about, and what about ftp ?
> What should the permissions be on /var/log/faillog and what user:group
> should own it ?
> 
> 
> Thanks,
> 
> 
> ----------------
> Running on Linux 2.4
> Michael A. Dietz
> mad099@dietznet.net
> 
> 

----------------
Running on Linux 2.4
Michael A. Dietz
mad099@dietznet.net





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []