pam_tally: unknown option
Joe_Wulf
Joe_Wulf at yahoo.com
Mon Jun 16 12:37:29 UTC 2008
I've played with PAM some, and am learning more all the time. One resource I
turn to pretty frequently is the PAM documentation found at
kernel.org/pub/linux/libs/pam. From what I've learned along the way, I think
your "auth" line isn't the right place for the "deny" option, and that would be
why you get the errors you do.
What works for me is to have the deny option be on the "account" line, as
follows:
account required /lib/security/$ISA/pam_tally.so deny=2
Secondly, I'd recommend upgrading to a newer version of PAM, .77 is quite
outdated. You'll probably have much greater success with a newer release.
Good luck!
R,
-Joe Wulf, CISSP, USN(RET)
Senior IA Engineer
ProSync Technology Group, LLC
www.prosync.com
_____
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] On Behalf
Of Monu Agrawal
Sent: Monday, June 16, 2008 07:39
To: pam-list at redhat.com
Subject: pam_tally: unknown option
Hi,
I am using pam-0.77-65.1. The problem I am getting with it is, I am not able to
set deny and unlock_time options.
My file looks like following:
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_tally.so deny=3 onerr=fail unlock_time=600
account required pam_tally.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
I am getting the following error messages on /var/log/messages
Jun 16 17:05:32 ssc-216 pam_tally[26272]: pam_tally: unknown option; deny=3
Jun 16 17:05:32 ssc-216 pam_tally[26272]: pam_tally: unknown option;
unlock_time=600
Are these options available on the this particular version? Can anybody tell me
what is wrong with the above config?
--
The things we know best are
the things we haven't been taught.
'Make Your Own Way'
Monu Agrawal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20080616/1a07f568/attachment.htm>
More information about the Pam-list
mailing list