pam_tally only for root
Andy Armstrong
andy at hexten.net
Mon Jan 24 19:00:13 UTC 2005
Asif Iqbal wrote:
> Hi All
>
> I am planning to use pam_tally for console login to the server. Now I
> like use it only for root account and no other user. In other words only
> for root account allow 3 try and then lock it out until someone manually
> reset it. We have system admin users who have full sudo access to do
> that. User's do not need to be tallied becasue they all use SecurID for
> authentication which has been setup to lock account after 3 fail tries.
>
> Is that possible or should I look for a different solution?
<plug>pam_abl would most likely do the trick</plug>
That will automatically block different accounts based on a flexible set
of rules. It can also block based on the incoming host/ip so that if you
got a lot of hits from one host that host will be blacklisted without
affecting any others.
http://www.hexten.net/sw/pam_abl/index.mhtml
--
Andy Armstrong, hexten.net
More information about the Pam-list
mailing list