Re: pam_tally only for root

Asif Iqbal wrote:

Hi All

I am planning to use pam_tally for console login to the server. Now I
would like to use it only for the root account and no other user. In other
words, only for the root account allow 3 tries and then lock it out until
someone manually resets it. We have system admin users who have full sudo
access to do that. Users do not need to be tallied because they all use
SecurID for authentication, which has been set up to lock the account after
3 failed tries.

Is that possible or should I look for a different solution?

<plug>pam_abl would most likely do the trick</plug>

That will automatically block different accounts based on a flexible set of rules. It can also block based on the incoming host/IP, so that if you got a lot of hits from one host, that host will be blacklisted without affecting any others.


Andy Armstrong, hexten.net

