Re: pam_tally

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



What type of login? SSH? Telnet? FTP? (or actual login)? It all depends on what service you're trying protect from multiple failed attempts. If you want to get them all, put it in system-auth.

~Chris

GYR@xxxxxxxx wrote:

One more thing I forgot to add I did try and add this line to
/etc/pam.d/login

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so

auth required /lib/security/pam_tally.so

account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

Is this the right spot to tell the system to lock out accounts after too
many failed attempts at login..?
Again thanks everyone in advance



                     GYR@xxxxxxxx
                     Sent by:                 To:       pam-list@xxxxxxxxxx
                     pam-list-admin@xx        cc:
                     dhat.com                 Fax to:
                                              Subject:  Re: pam_tally

                     04/09/2003 01:05
                     PM
                     Please respond to
                     pam-list







Hi there, thanks again for taking the time to help me...

What I need to do is have pam (or something else) lock out a user account
after a number of specified failed  login attempts.
I have looked at the utility faillog,  This allows me to supposedly set the
number of tries,and somehow I came to the conclusion
that pam_tally would use this utility to lock the account. I may be way off
base here. Wouldnt be the first time yeiks..
Thanks

Gene Reynolds





                     "Christopher C.
                     Weis"                      To:
                     pam-list@xxxxxxxxxx
                     <ccweis@xxxxxxxxxxx        cc:
                     .uiowa.edu>                Fax to:
                     Sent by:                   Subject:  Re: pam_tally
                     pam-list-admin@xxxx
                     at.com


04/09/2003 12:00 PM Please respond to pam-list






Well, yes and no. pam_tally is a PAM module that you need to add to a file in /etc/pam.d for the particular service or services you want to "tally." It does not get its own file.

Maybe a little summary of what you're trying to achieve would help me
explain things better.  Sorry if this isn't what you wanted to know.

~Chris

GYR@xxxxxxxx wrote:



Chris, actually I did read this. Is there supposed to be a config file in
/etc/pam.d for tally ? I have to admit that pam and I are not that


familiar


with each other sigh!



"Christopher C.
Weis" To:


pam-list@xxxxxxxxxx


                    <ccweis@xxxxxxxxxxx        cc:
                    .uiowa.edu>                Fax to:
                    Sent by:                   Subject:  Re: pam_tally
                    pam-list-admin@xxxx
                    at.com


04/09/2003 08:08 AM Please respond to pam-list






I'll state the obvious. Forgive me if you've already read this


document...


/usr/share/doc/pam-0.75/txts/README.pam_tally, or something similar.

Good luck.

~Chris

GYR@xxxxxxxx wrote:





Hello all, I have a Redhat 8.0 distribution. I am trying to understand
pam_tally. Can anyone point me to a spot that can
help me understand this and make it work. Thanks in advance..

Gene Reynolds
Sr. Engineer
BBWXT




_______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list






--



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~
~  Christopher C. Weis
~  |
~  \---> Linux System Administrator
~      |--> University of Iowa, College of Engineering
~      |--> 1253 SC, Iowa City, IA, (319)335-5055
~      |--> ccweis@xxxxxxxxxxxxxxxxxxxxx
~



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list






_______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list





-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~ ~ Christopher C. Weis ~ | ~ \---> Linux System Administrator ~ |--> University of Iowa, College of Engineering ~ |--> 1253 SC, Iowa City, IA, (319)335-5055 ~ |--> ccweis@xxxxxxxxxxxxxxxxxxxxx ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list






_______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list






_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list



-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ ~ Christopher C. Weis ~ | ~ \---> Linux System Administrator ~ |--> University of Iowa, College of Engineering ~ |--> 1253 SC, Iowa City, IA, (319)335-5055 ~ |--> ccweis@xxxxxxxxxxxxxxxxxxxxx ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux