[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

problem with pam_tally



I'm trying to configure sshd to lockout a user after 5 failed login attempts
and then allow that user back in after an hour if there hasn't been a failed
login attempt. This is my /etc/pam.d/sshd:

#%PAM-1.0
auth       required     /lib/security/pam_tally.so no_magic_root
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_tally.so deny=5 no_magic_root
even_deny_root_account reset
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so


Once I get past the number of failed login's, I get something like this:

user xxx has time limit [66850040s left] since last failure.

I've only configured a 50 second lockout for testing, so am I doing
something wrong? Is there a better way to accomplish this?

Thanks,
Brian






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []