Is this a reasonable approach?

Andy Armstrong andy at hexten.net
Sat Jan 1 21:32:12 UTC 2005


Hi folks and happy new year,

I'm writing a PAM module that will allow me to reject connections from 
remote hosts that have been responsible for a large number of failed login 
attempts. I've pretty much got working code but I'm agonising over the 
best way to log failed attempts.

I can get something working by flagging a request as potentially failed 
during auth processing and then clearing that flag if we get as far as 
session processing. I'd use pam_set_data() effectively for the side 
effect of giving me a callback to the cleanup routine which is where I'd 
actually record the success or failure of the login attempt (in a DBM 
database).

I assume that'll work in which case it'll scratch my immediate itch but 
I also assume that it's not the cleanest way to detect a failed auth 
attempt. Can anyone recommend a nicer approach?

-- 
Andy Armstrong
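
The flag-and-cleanup flow described in the message above, as an added example that is not part of the original post and not code from any PAM project. It is a self-contained C model: `struct handle`, `set_data()` and `end_handle()` are hypothetical stand-ins for the PAM handle, `pam_set_data()` and `pam_end()`, and an in-memory tally stands in for the DBM database. It also covers repeated auth calls on one handle, where replacing the stored item runs the cleanup for the earlier attempt.

```c
/* struct handle, set_data() and end_handle() are hypothetical stand-ins for the
 * PAM handle, pam_set_data() and pam_end(), so this builds without PAM headers.
 * The real cleanup callback also takes an error_status argument, omitted here. */
#include <stdlib.h>

struct tally { int failed, succeeded; };   /* stands in for the DBM database */
struct handle {
    void *data;                                    /* the one stored item */
    void (*cleanup)(struct handle *, void *);      /* its cleanup callback */
    struct tally log;
};

/* Like pam_set_data(): storing a new item first runs the old item's cleanup. */
static void set_data(struct handle *h, void *data, void (*fn)(struct handle *, void *)) {
    if (h->cleanup) h->cleanup(h, h->data);
    h->data = data;
    h->cleanup = fn;
}

/* Like pam_end(): the item still stored gets its cleanup callback. */
static void end_handle(struct handle *h) { set_data(h, NULL, NULL); }

/* Cleanup routine: the only place where an outcome is recorded. */
static void record_outcome(struct handle *h, void *data) {
    int *maybe_failed = data;
    if (*maybe_failed) h->log.failed++; else h->log.succeeded++;
    free(maybe_failed);
}

/* Auth phase: flag the attempt as potentially failed. */
static int on_authenticate(struct handle *h) {
    int *maybe_failed = malloc(sizeof *maybe_failed);
    if (!maybe_failed) return -1;
    *maybe_failed = 1;
    set_data(h, maybe_failed, record_outcome);
    return 0;
}

/* Session phase: getting this far means the login succeeded; clear the flag. */
static void on_open_session(struct handle *h) { if (h->data) *(int *)h->data = 0; }

/* One connection: auth_calls attempts, then a session if got_session is set. */
struct tally run_connection(int auth_calls, int got_session) {
    struct handle h = {0};
    while (auth_calls-- > 0 && on_authenticate(&h) == 0) { }
    if (got_session) on_open_session(&h);
    end_handle(&h);
    return h.log;
}
```

In this model two failed tries followed by a successful login on the same handle are recorded as two failures and one success, because each new auth call replaces the previous flag while it is still set.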