pam_abl and sshd MaxAuthTries strangeness (was Re: pam_tally with sshd: ssh password-based failures not tally'd)
Andy Armstrong
andy at hexten.net
Mon Jan 10 23:55:11 UTC 2005
George Hansper wrote:
> I'd like to set the MaxAuthTries for passwords as low as
> possible (ie 1 only), since that this the only way to get
> sensible results from failed-login counters such as
> pam_tally and pam_abl.
You can just scale the trigger levels accordingly though. I'm running a
pam_abl setup which only allows three failures an hour but as far as the
user's concerned they get nine attempts to remember their password
because sshd allows three retries per connect.
That's unless I'm missing something of course :)
--
Andy Armstrong, hexten.net
More information about the Pam-list
mailing list