pam_tally & SSH not working properly at all -- FC5T3 w/ pam 0.99
Stewart Adam
compustew at hotmail.com
Sun Mar 5 06:29:22 UTC 2006
Hello,
I'm completely confused, maybe it's a bug.
http://www.fedoraforum.org/forum/showthread.php?t=97416
I've started a thread there on FedoraForum with more info, but basically
this is my situation:
- /etc/pam.d/sshd file:
-- start --
#%PAM-1.0
auth include system-auth
auth required pam_tally.so onerr=fail deny=3
account required pam_nologin.so
account include system-auth
account required pam_tally.so
password include system-auth
session include system-auth
session required pam_loginuid.so
-- end --
- I do have pam enabled in my sshd_config file.
- I only want pam_tally for my ssh server, so that's why it's only in sshd
and non system authentication.
Here's the problem:
--> I reset my counter just incase
--> I do 5 bad SSH logins, even though my counter is 3 just to make sure
--> I run "pam_tally --user admin" and it shows my 5 bad attempts
--> My system logs show pam_tally is recording my bad attempts
--> If I type the right password it still lets my login
In FC5T3 there's an additional "pam_tally2" module. Should I be using this
one? I tried using that one with the same options and it still has no effect
but the same results.
Thanks a ton,
Firewing1
More information about the Pam-list
mailing list