RE: pam_tally on Red Hat 8.0

"Jeremy Godfrey" <jngcomp@xxxxxxxxxxxx> · Thu, 24 Apr 2003 21:31:34 +0100

Hi Werner,

I had those settings in pam.d/login. After looking at your web site I
moved them to pam.d/system-auth and it works now.

Many thanks,
Jeremy Godfrey

> -----Original Message-----
> From: pam-list-admin@xxxxxxxxxx 
> [mailto:pam-list-admin@xxxxxxxxxx] On Behalf Of Werner Puschitz
> Sent: 24 April 2003 20:40
> To: pam-list@xxxxxxxxxx
> Subject: Re: pam_tally on Red Hat 8.0
> 
> pam_tally is working on RH 8.0. I verified it on my RH 8.0 
> box for login 
> and sshd. Check out http://www.puschitz.com/Security.shtml
> 
> You basically need to add two lines:
> auth        required      /lib/security/pam_tally.so 
> onerr=fail no_magic_root
> and
> account     required      /lib/security/pam_tally.so deny=3 
> no_magic_root reset
> 
> Here is an example for /etc/pam.d/login. It will lock the 
> account after 
> 3 failed login attempts:
> 
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth        required      /lib/security/pam_tally.so 
> onerr=fail no_magic_root
> auth       required     /lib/security/pam_nologin.so
> account     required      /lib/security/pam_tally.so deny=3 
> no_magic_root reset
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so
> 
> And here is an example for /etc/pam.d/sshd:
> #%PAM-1.0
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth        required      /lib/security/pam_tally.so 
> onerr=fail no_magic_root
> auth       required     /lib/security/pam_nologin.so
> account     required      /lib/security/pam_tally.so deny=5 
> no_magic_root reset
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_limits.so
> session    optional     /lib/security/pam_console.so
> 
> To unlock the account, run:
> faillog -u <username> -r
> 
> Werner

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.474 / Virus Database: 272 - Release Date: 18/04/2003

_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list