On Thu, 17 Aug 2000, Michael A. Dietz wrote: OK, I figured it out, it was RTFM ! see below.. > I am having problems with pam_tally not working for ssh,ftp, telnet. I am > using pam-0.72 on RedHat 6.2, telnet-server-0.16-6.rpm, > openssh-server-2.1.1p2, and proftpd-1.2.0. I know openssh and proftpd are > compiled with pam support, the redhat telnet server I don't know, although > it claims to run /bin/login by default. > > The only thing it appears to work with is login, although I modified the > sshd and ftp file the same as login below: > #%PAM-1.0 > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_tally.so auth required /lib/security/pam_tall.so no_magic_root > auth required /lib/security/pam_pwdb.so shadow nullok > auth required /lib/security/pam_nologin.so > account required /lib/security/pam_tally.so deny=5 reset account required /lib/security/pam_tally.so no_magic_root deny=5 reset > account required /lib/security/pam_pwdb.so > password required /lib/security/pam_cracklib.so > password required /lib/security/pam_pwdb.so nullok use_authtok md5 > shadow > session required /lib/security/pam_pwdb.so > session optional /lib/security/pam_console.so > > So if telnetd runs /bin/login, how come if I run /bin/login as a user the > tally function works, but if I login via telnet it doesn't ? Also, is > there some kind of sshd bug I don't know about, and what about ftp ? > What should the permissions be on /var/log/faillog and what user:group > should own it ? > > > Thanks, > > > ---------------- > Running on Linux 2.4 > Michael A. Dietz > mad099@dietznet.net > > ---------------- Running on Linux 2.4 Michael A. Dietz mad099@dietznet.net
