Register "telnet" login failures with pam_tally
Billy Snider
bbsnider at link.com
Fri Nov 12 13:52:15 UTC 2004
Has anyone had problems getting login failures to register with Fedora
Core 3? I am trying to "telnet" into the system and get a failure to
register.
Here is my "login" file:
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required /lib/security/pam_tally.so deny=5 onerr=fail
no_magic_root
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
Failures do register in the "/var/log/messages" but not
"/var/log/faillog".
It acts as if "telnet" doesn't even use the "login" configuration file
within "/etc/pam.d".
>From a previous posting "ssh" logins register failures just fine with
the following in the "sshd" file:
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root per_user
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_selinux.so
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
Any help would be greatly appreciated.
More information about the Pam-list
mailing list