Register "telnet" login failures with pam_tally

Nalin Dahyabhai nalin at redhat.com
Fri Nov 12 23:36:11 UTC 2004


On Fri, Nov 12, 2004 at 01:52:15PM +0000, Billy Snider wrote:
> Has anyone had problems getting login failures to register with Fedora
> Core 3?  I am trying to "telnet" into the system and get a failure to
> register.
> 
> Here is my "login" file:
> 
> #%PAM-1.0
> auth       required     pam_securetty.so
> auth       required     pam_stack.so service=system-auth
> auth       required     /lib/security/pam_tally.so deny=5 onerr=fail no_magic_root
> auth       required     pam_nologin.so
> account    required     pam_stack.so service=system-auth
> password   required     pam_stack.so service=system-auth
[snip]

> Failures do register in the "/var/log/messages" but not
> "/var/log/faillog".
> 
> It acts as if "telnet" doesn't even use the "login" configuration file
> within "/etc/pam.d".
> 
> From a previous posting "ssh" logins register failures just fine with
> the following in the "sshd" file:
> 
> auth       required     pam_stack.so service=system-auth
> auth       required     pam_nologin.so
> auth       required     pam_tally.so no_magic_root
> account    required     pam_tally.so deny=3 no_magic_root per_user
> account    required     pam_stack.so service=system-auth
[snip]

In the configuration file for "login", you're passing the "deny=" flag
to pam_tally when used as an "auth" module, while in "sshd", the "deny="
flag is being correctly passed to pam_tally being used as an "account"
module.  You also don't seem to be calling pam_tally as an "account"
module in the "login" configuration file.

HTH,

Nalin
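
The two problems named in the reply above (a "deny=" flag on an "auth" line, and no "account" line for pam_tally) can be checked for mechanically. This Python check is an added example, not part of the original message or of Linux-PAM; the function names are hypothetical and the sample files are constructed from the two configurations quoted in the thread.

```python
import re

# Constructed samples, modelled on the "login" and "sshd" files quoted above.
LOGIN = """\
#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     /lib/security/pam_tally.so deny=5 onerr=fail no_magic_root
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
"""

SSHD = """\
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       required     pam_tally.so no_magic_root
account    required     pam_tally.so deny=3 no_magic_root per_user
account    required     pam_stack.so service=system-auth
"""

def tally_entries(text):
    """Yield (type, args) for every pam_tally line in a PAM service file."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        line = re.sub(r"\[[^\]]*\]", "[ctl]", line)  # keep [a=b c=d] controls as one field
        fields = line.split("#", 1)[0].split()
        # A service file line is: type control module-path [arguments...]
        if len(fields) >= 3 and re.search(r"(^|/)pam_tally\.so$", fields[2]):
            yield fields[0].lower().lstrip("-"), fields[3:]

def check_tally(text):
    """Return findings for the two problems named in the reply."""
    entries = list(tally_entries(text))
    findings = []
    for mtype, args in entries:
        if mtype == "auth" and any(a.startswith("deny=") for a in args):
            findings.append("deny= passed to pam_tally in the auth stack")
    if entries and not any(mtype == "account" for mtype, _ in entries):
        findings.append("pam_tally is never called as an account module")
    return findings

if __name__ == "__main__":
    for name, text in (("login", LOGIN), ("sshd", SSHD)):
        for finding in check_tally(text) or ["ok"]:
            print(f"{name}: {finding}")
```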



