Re: pam_tally

"Christopher C. Weis" <ccweis@xxxxxxxxxxxxxxxxxxxxx> · Wed, 09 Apr 2003 15:39:53 -0500

What type of login?  SSH?  Telnet?  FTP? (or actual login)?  It all 
depends on what service you're trying protect from multiple failed 
attempts.  If you want to get them all, put it in system-auth.

~Chris

GYR@xxxxxxxx wrote:

One more thing I forgot to add I did try and add this line to
/etc/pam.d/login

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so

auth       required     /lib/security/pam_tally.so

account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

Is this the right spot to tell the system to lock out accounts after too
many failed attempts at login..?
Again thanks everyone in advance

                     GYR@xxxxxxxx
                     Sent by:                 To:       pam-list@xxxxxxxxxx
                     pam-list-admin@xx        cc:
                     dhat.com                 Fax to:
                                              Subject:  Re: pam_tally

                     04/09/2003 01:05
                     PM
                     Please respond to
                     pam-list

Hi there, thanks again for taking the time to help me...

What I need to do is have pam (or something else) lock out a user account
after a number of specified failed  login attempts.
I have looked at the utility faillog,  This allows me to supposedly set the
number of tries,and somehow I came to the conclusion
that pam_tally would use this utility to lock the account. I may be way off
base here. Wouldnt be the first time yeiks..
Thanks

Gene Reynolds

                     "Christopher C.
                     Weis"                      To:
                     pam-list@xxxxxxxxxx
                     <ccweis@xxxxxxxxxxx        cc:
                     .uiowa.edu>                Fax to:
                     Sent by:                   Subject:  Re: pam_tally
                     pam-list-admin@xxxx
                     at.com

                     04/09/2003 12:00 PM
                     Please respond to
                     pam-list

Well, yes and no.  pam_tally is a PAM module that you need to add to a
file in /etc/pam.d for the particular service or services you want to
"tally."  It does not get its own file.

Maybe a little summary of what you're trying to achieve would help me
explain things better.  Sorry if this isn't what you wanted to know.

~Chris

GYR@xxxxxxxx wrote:

Chris, actually I did read this. Is there supposed to be a config file in

/etc/pam.d for tally ? I have to admit that pam and I are not that

familiar

with each other sigh!

                    "Christopher C.

                    Weis"                      To:

pam-list@xxxxxxxxxx

                    <ccweis@xxxxxxxxxxx        cc:
                    .uiowa.edu>                Fax to:
                    Sent by:                   Subject:  Re: pam_tally
                    pam-list-admin@xxxx
                    at.com

                    04/09/2003 08:08 AM
                    Please respond to
                    pam-list

I'll state the obvious.  Forgive me if you've already read this

document...

/usr/share/doc/pam-0.75/txts/README.pam_tally, or something similar.

Good luck.

~Chris

GYR@xxxxxxxx wrote:

Hello all, I have a Redhat 8.0 distribution. I am trying to understand
pam_tally. Can anyone point me to a spot that can
help me understand this and make it work. Thanks in advance..

Gene Reynolds
Sr. Engineer
BBWXT

_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list

--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~
~  Christopher C. Weis
~  |
~  \---> Linux System Administrator
~      |--> University of Iowa, College of Engineering
~      |--> 1253 SC, Iowa City, IA, (319)335-5055
~      |--> ccweis@xxxxxxxxxxxxxxxxxxxxx
~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list

_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~
~  Christopher C. Weis
~  |
~  \---> Linux System Administrator
~      |--> University of Iowa, College of Engineering
~      |--> 1253 SC, Iowa City, IA, (319)335-5055
~      |--> ccweis@xxxxxxxxxxxxxxxxxxxxx
~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list

_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list

_______________________________________________

Pam-list@xxxxxxxxxx

https://listman.redhat.com/mailman/listinfo/pam-list

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~
~  Christopher C. Weis
~  |
~  \---> Linux System Administrator
~      |--> University of Iowa, College of Engineering
~      |--> 1253 SC, Iowa City, IA, (319)335-5055
~      |--> ccweis@xxxxxxxxxxxxxxxxxxxxx
~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list