[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tally problems



On Wed, Jun 26, 2002 at 06:10:17PM -0500, john doe wrote:
> I have installed Redhat Linux 7.3 on a Sony laptop. I want to be able to 
> stop logins after a certain number of failed attempts. I have edited the 
> /etc/pam.d/login file and added an auth and account line for pam_tally.
> 
> auth required /lib/security/pam_tally.so file=/var/log/faillog
> account required /lib/security/pam_tally.so ffile=/var/log/faillog deny=2
> 
> I have also tryed the no_reset, no_lock_time and per_user options for the 
> account entry.
> 
> It works except for the updating of the count in the faillog file. The line 
> and time are modified after each failed login but the count does not 
> change. If I manually chage the count (using pam_tally) to a value above 
> the deny value then the login is denied.
> 

I cannot answer your question but I can give you a working example
from our Red Hat 7.3 system. Here's what our pam.d/login looks like:

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_shells.so
auth       required     /lib/security/pam_tally.so onerr=fail no_magic_root
account    required     /lib/security/pam_pwdb.so
account    required     /lib/security/pam_tally.so deny=5 reset no_magic_root even_deny_root_account
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session    required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_console.so

-- 
 Scott Russell (lnxgeek@us.ibm.com)
 Linux Technology Center, System Admin, RHCE.
 Call 711 then ask for 919-543-9289 (TTY/TTD)
 http://bzimage.raleigh.ibm.com/webcam





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []