On Wed, Jun 26, 2002 at 06:10:17PM -0500, john doe wrote:
> I have installed Redhat Linux 7.3 on a Sony laptop. I want to be able to
> stop logins after a certain number of failed attempts. I have edited the
> /etc/pam.d/login file and added an auth and account line for pam_tally.
>
> auth required /lib/security/pam_tally.so file=/var/log/faillog
> account required /lib/security/pam_tally.so ffile=/var/log/faillog deny=2
>
> I have also tried the no_reset, no_lock_time and per_user options for the
> account entry.
>
> It works except for the updating of the count in the faillog file. The line
> and time are modified after each failed login but the count does not
> change. If I manually change the count (using pam_tally) to a value above
> the deny value then the login is denied.
>

I cannot answer your question but I can give you a working example from
our Red Hat 7.3 system. Here's what our pam.d/login looks like:

#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_shells.so
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_pwdb.so
account required /lib/security/pam_tally.so deny=5 reset no_magic_root even_deny_root_account
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so

--
Scott Russell (lnxgeek@us.ibm.com)
Linux Technology Center, System Admin, RHCE.
Call 711 then ask for 919-543-9289 (TTY/TTD)
http://bzimage.raleigh.ibm.com/webcam
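
An added example, not part of either message: a small checker that parses a pam.d service file and reports pam_tally arguments whose names do not match any option used in this thread, plus a missing auth or account entry. The option set is an assumption limited to the names that appear in the thread (not the module's full list), and the function names are hypothetical.

```python
# Assumption: option names are limited to those that appear in this thread,
# not the module's complete documented list.
THREAD_TALLY_OPTIONS = {
    "file", "deny", "onerr", "reset", "no_reset", "no_lock_time",
    "per_user", "no_magic_root", "even_deny_root_account",
}

# The pam_tally stanzas as posted in the thread (most other modules trimmed).
QUESTION_CONFIG = """\
auth required /lib/security/pam_tally.so file=/var/log/faillog
account required /lib/security/pam_tally.so ffile=/var/log/faillog deny=2
"""
REPLY_CONFIG = """\
#%PAM-1.0
auth required /lib/security/pam_shells.so
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_pwdb.so
account required /lib/security/pam_tally.so deny=5 reset no_magic_root even_deny_root_account
"""


def parse_pam_lines(text):
    """Yield (lineno, type, module, args); assumes simple one-word controls."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments and the #%PAM header
        if len(fields) >= 3:
            yield lineno, fields[0], fields[2], fields[3:]


def check_pam_tally(text):
    """Return findings for pam_tally lines in one pam.d service file."""
    findings, seen_types = [], set()
    for lineno, mtype, module, args in parse_pam_lines(text):
        if not module.endswith("pam_tally.so"):
            continue
        seen_types.add(mtype)
        for arg in args:
            if arg.split("=", 1)[0] not in THREAD_TALLY_OPTIONS:
                findings.append(f"line {lineno}: unrecognised argument {arg!r}")
    for needed in ("auth", "account"):
        if needed not in seen_types:
            findings.append(f"no pam_tally entry of type {needed!r}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("reply", REPLY_CONFIG)):
        print(name, check_pam_tally(cfg) or "no findings")
```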