Authentication problems with pam_tally2 and Ansible

Marko Asplund marko.asplund at gmail.com
Sat Nov 26 10:16:56 UTC 2016


Hi,

I'm having some issues using the pam_tally2 module with Ansible and I'd
like to make sure my PAM configuration is correct.
I've configured pam_tally2 by adding the following line in
/etc/pam.d/common-auth:

auth  required  pam_tally2.so file=/var/log/tallylog  deny=5  even_deny_root  unlock_time=1200

Is this line correct and in the right place? Is there some other
configuration I should add?

This seems to be working ok with interactive sessions, but I'm experiencing
strange authentication problems with Ansible. I've an Ansible playbook that
basically runs the chage command for a bunch of users in a loop with sudo.
Some of the commands get correctly executed but playbook execution gets
aborted due to "Incorrect sudo password". Also, pam_tally2 reports multiple
login failures for the user running the script. Since some of the chage
commands succeed, the sudo password must have been correctly typed.

Can this be caused by a flawed pam_tally2 configuration?
This is on Ubuntu 16.04.

marko
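
An added example, not part of the original message: a small Python check that parses PAM stack rules such as the one quoted above and reports the pam_tally2 settings. It also flags a missing account-phase pam_tally2 entry, which pam_tally2(8) describes as the way to reset the counter for services that do not call pam_setcred(3). The sample stack and the function names are constructed for illustration.

```python
def parse_pam_rules(text):
    """Return (type, control, module, args) for each rule in a pam.d file."""
    rules, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if line.endswith("\\"):                   # backslash continues the rule
            buf += line[:-1] + " "
            continue
        tokens, buf = (buf + line).split(), ""
        if len(tokens) < 3 or tokens[0].startswith("@"):
            continue                              # blank, @include or malformed
        i = 1
        if tokens[1].startswith("["):             # [value=action ...] control
            while i < len(tokens) - 1 and not tokens[i].endswith("]"):
                i += 1
        if i + 1 >= len(tokens):
            continue                              # no module after the control
        rules.append((tokens[0].lstrip("-"), " ".join(tokens[1:i + 1]),
                      tokens[i + 1], tokens[i + 2:]))
    return rules

def check_tally2(text):
    """Summarise pam_tally2 usage in one PAM stack."""
    report = {"auth": None, "account_reset": False, "notes": []}
    for rtype, _control, module, args in parse_pam_rules(text):
        if not module.endswith("pam_tally2.so"):
            continue
        if rtype == "account":
            report["account_reset"] = True
        elif rtype == "auth":                     # flags map to an empty value
            report["auth"] = dict(a.partition("=")[::2] for a in args)
    opts = report["auth"]
    if opts is not None:
        if "deny" not in opts:
            report["notes"].append("no deny=: failures are counted, never locked")
        elif "unlock_time" not in opts:
            report["notes"].append("no unlock_time=: lock lasts until an admin resets it")
        if not report["account_reset"]:
            report["notes"].append("no account-phase pam_tally2: counter is reset "
                                   "only by services that call pam_setcred(3)")
    return report

# Constructed sample modelled on the line quoted in the message.
SAMPLE = """\
auth  required  pam_tally2.so file=/var/log/tallylog deny=5 \\
      even_deny_root unlock_time=1200
auth  [success=1 default=ignore]  pam_unix.so nullok_secure
auth  requisite  pam_deny.so
auth  required   pam_permit.so
"""

if __name__ == "__main__":
    print(check_tally2(SAMPLE))
```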