Gettring Started

[Terry Orgill]

I am urgently trying to get PAM working for a customer (RH 7.1, PAM 0.77) that is about to undergo a security audit.  I need password expiration, minimum password length, no reuse of passwords, lockout of users after three unsuccessful attempts to login, one session only for users.  I have the one session part working (/etc/security/limits.conf), but nothing else will.  I am using pam_cracklib.so, pam_pwdb.so for the password part.  I am using pam_tally.so for the login part.  It just ignores me.  I did manage to get a user locked out by substituting pam.conf for pam.d, but then I could not get the user unlocked.  If I run pam_tally --user<username> it always returns a 0 for unsuccessful attempts no matter how many there are.  I know this stuff must work, but I am having a hell of a time figuring it out.  HELP!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20040923/9ac9bb0b/attachment.htm>