Re: pam_tally on Red Hat 8.0


 



On Thu, 24 Apr 2003 GYR@xxxxxxxx wrote:

> 
> Hi Jeremy
> 
>       I too fought the Pam_tally for a week. I was convinced that it does
> not work correctly, however a co-worker of mine seems to think that he has
> it working. I will get in touch with him and find out what he did. You will
> need to look at the man pages for faillog also to understand what pam_tally
> is doing.

pam_tally is working on RH 8.0. I verified it on my RH 8.0 box for login 
and sshd. Check out http://www.puschitz.com/Security.shtml

You basically need to add two lines:
auth        required      /lib/security/pam_tally.so onerr=fail no_magic_root
and
account     required      /lib/security/pam_tally.so deny=3 no_magic_root reset

Here is an example for /etc/pam.d/login. It will lock the account after 
3 failed login attempts:

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth        required      /lib/security/pam_tally.so onerr=fail no_magic_root
auth       required     /lib/security/pam_nologin.so
account     required      /lib/security/pam_tally.so deny=3 no_magic_root reset
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

And here is an example for /etc/pam.d/sshd:

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth        required      /lib/security/pam_tally.so onerr=fail no_magic_root
auth       required     /lib/security/pam_nologin.so
account     required      /lib/security/pam_tally.so deny=5 no_magic_root reset
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

To unlock the account, run:
faillog -u <username> -r

Werner


> 
> Gene Reynolds
> gyr@xxxxxxxx
> 
> 
> 
> 
> 
> "Jeremy Godfrey" <jngcomp@xxxxxxxx.com>
> Sent by: pam-list-admin@xxdhat.com
> 04/24/2003 11:07 AM
> Please respond to pam-list
>
> To:       <pam-list@xxxxxxxxxx>
> cc:
> Fax to:
> Subject:  pam_tally on Red Hat 8.0
> 
> 
> 
> 
> 
> 
> Hi,
> 
> Has anyone managed to get pam_tally to work on Red Hat 8.0? I have made
> the relevant entries in pam.d/login but it doesn't seem to have any
> effect.
> 
> Regards,
> Jeremy Godfrey
> 
> 
> 
> _______________________________________________
> 
> Pam-list@xxxxxxxxxx
>  https://listman.redhat.com/mailman/listinfo/pam-list
> 
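
A quick way to confirm that a service file really carries both pam_tally lines described in the message above, and which deny threshold it sets. This is an added example, not part of the original post or of pam_tally itself; the function names parse_pam and audit_tally are hypothetical, and it assumes the one-word control flags shown in the message.

```python
# Added example: audit a PAM service file for the two pam_tally lines.
# LOGIN_PAM reproduces the /etc/pam.d/login example from the message above.
LOGIN_PAM = """\
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_tally.so onerr=fail no_magic_root
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_tally.so deny=3 no_magic_root reset
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
"""


def parse_pam(text):
    """Yield (type, control, module, options) for each rule line.

    Assumes the simple one-word control flags used on this page
    (required, optional, ...), not the bracketed [value=action] form.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and #%PAM-1.0
        fields = line.split()
        if len(fields) >= 3:
            yield fields[0], fields[1], fields[2], fields[3:]


def audit_tally(text):
    """Report which pam_tally lines are present and the deny threshold."""
    report = {"auth": False, "account": False, "deny": None, "problems": []}
    for mtype, _control, module, options in parse_pam(text):
        if not module.endswith("pam_tally.so") or mtype not in ("auth", "account"):
            continue
        report[mtype] = True
        for opt in options:
            if mtype == "account" and opt.startswith("deny="):
                report["deny"] = int(opt.split("=", 1)[1])
    for mtype in ("auth", "account"):
        if not report[mtype]:
            report["problems"].append("no %s pam_tally line" % mtype)
    if report["account"] and report["deny"] is None:
        report["problems"].append("account pam_tally line has no deny= option")
    return report


if __name__ == "__main__":
    print(audit_tally(LOGIN_PAM))
```

To audit a live system, pass the contents of a file such as /etc/pam.d/login or /etc/pam.d/sshd to audit_tally instead of the embedded sample.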


