pam_tally: unknown option

Joe_Wulf Joe_Wulf at yahoo.com
Mon Jun 16 12:37:29 UTC 2008 

I've played with PAM some, and am learning more all the time.  One resource I
turn to pretty frequently is the PAM documentation found at
kernel.org/pub/linux/libs/pam.  From what I've learned along the way, I think
your "auth" line isn't the right place for the "deny" option, and that would be
why you get the errors you do.

 

What works for me is to have the deny option be on the "account" line, as
follows:

account     required      /lib/security/$ISA/pam_tally.so deny=2

Secondly, I'd recommend upgrading to a newer version of PAM, .77 is quite
outdated.  You'll probably have much greater success with a newer release.

Good luck!


R,
-Joe Wulf, CISSP, USN(RET)
 Senior IA Engineer
 ProSync Technology Group, LLC
 www.prosync.com



  _____  

From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] On Behalf
Of Monu Agrawal
Sent: Monday, June 16, 2008 07:39
To: pam-list at redhat.com
Subject: pam_tally: unknown option

 

Hi,
I am using pam-0.77-65.1. The problem I am getting with it is, I am not able to
set deny and unlock_time options.
My file looks like following:
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       required     pam_tally.so deny=3 onerr=fail unlock_time=600
account    required     pam_tally.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

I am getting the following error messages on /var/log/messages

Jun 16 17:05:32 ssc-216 pam_tally[26272]: pam_tally: unknown option; deny=3
Jun 16 17:05:32 ssc-216 pam_tally[26272]: pam_tally: unknown option;
unlock_time=600

Are these options available on the this particular version? Can anybody tell me
what is wrong with the above config?

-- 
The things we know best are 
the things we haven't been taught.
'Make Your Own Way'
Monu Agrawal 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20080616/1a07f568/attachment.htm>

More information about the Pam-list mailing list