pam_tally: unknown option
Vasudeva R
rachamad at gmail.com
Tue Jun 17 15:35:37 UTC 2008
unlock_time=600 option is invalid in pam-0.77-65.1.
You have to download latest PAM version. Otherwise you can write crontab for
unlocking after 30 minutes by seeing faillog output.
Ex: using awk and crontab you can do this
faillog | grep -v Username | awk '$2>5{system("printf "$1":"$2":; date +%s
-d \""$5" "$6" "$7"\"")}' | \
awk -F: '1800 < (systime()-$3){print $1; print "User "$1" no longer
locked-out: "strftime("%D-%H:%M:%S") >> "/var/log/faillog
clear"}' | \
xargs -i faillog -u {} -r
Let me know if it helps for you.
Regards,
Vasu
On Mon, Jun 16, 2008 at 3:34 PM, Vasudeva R <rachamad at gmail.com> wrote:
>
> Hi Monu,
>
> Try with following lines. It is working for me without any problem.
>
> auth required pam_tally.so onerr=fail no_magic_root
>
> account required pam_tally.so per_user deny=5 no_magic_root reset
>
> Let me know.
>
> Regards,
> Vasudeva
>
>
> RE: pam_tally: unknown option
> ------------------------------
>
> - *From*: "Monu Agrawal" <monuindia gmail com>
> - *To*: pam-list redhat com
> - *Subject*: RE: pam_tally: unknown option
> - *Date*: Tue, 17 Jun 2008 00:43:57 +0530
>
> ------------------------------
>
> Thanks Joe, but as per documents, deny and unlock_time are auth options,
> not thee account options. When I changed the config as you mentioned:
>
> account required pam_tally.so deny=2
>
> the error "unknown option deny" stopped coming but it didn't make any
> difference in the time it waits after wrong passwd, even if I make it 20.
> The version, I can't change because of some dependency reasons.
>
>
>
>
> --
> Regards,
> Vasudeva R
>
> Alternate mail id: rvasu_deva at hotmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20080617/ae5d202d/attachment.htm>
More information about the Pam-list
mailing list