[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Authentication problems with pam_tally2 and Ansible



Hi,

I'm having some issues using the pam_tally2 module with Ansible and I'd like to make sure my PAM configuration is correct.
I've configured pam_tally2 by adding the following line in /etc/pam.d/common-auth:

auth  required  pam_tally2.so file=/var/log/tallylog  deny=5  even_deny_root  unlock_time=1200

Is this line correct and in the right place? Is there some other configuration I should add?

This seems to be working ok with interactive sessions, but I'm experiencing strange authentication problems with Ansible. I've an Ansible playbook that basically runs the chage command for a bunch of users in a loop with sudo. Some of the commands get correctly executed but playbook execution gets aborted due to "Incorrect sudo password". Also, pam_tally2 reports multiple login failures for the user running the script. Since some of the chage commands succeed the sudo password must have been correctly typed.

Can this be caused by a flawed pam_tally2 configuration?
This is on Ubuntu 16.04.

marko

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]