On Thu, 24 Apr 2003, Jeremy Godfrey wrote:

> Hi Werner,
>
> I had those settings in pam.d/login. After looking at your web site I
> moved them to pam.d/system-auth and it works now.

I think pam.d/login is used for telnet and local login only. If you use
pam.d/system-auth, then it will apply to telnet, ssh, ftp, etc.

Werner

> Many thanks,
> Jeremy Godfrey
>
> > -----Original Message-----
> > From: pam-list-admin@xxxxxxxxxx
> > [mailto:pam-list-admin@xxxxxxxxxx] On Behalf Of Werner Puschitz
> > Sent: 24 April 2003 20:40
> > To: pam-list@xxxxxxxxxx
> > Subject: Re: pam_tally on Red Hat 8.0
> >
> > pam_tally is working on RH 8.0. I verified it on my RH 8.0 box for
> > login and sshd. Check out http://www.puschitz.com/Security.shtml
> >
> > You basically need to add two lines:
> >
> > auth     required /lib/security/pam_tally.so onerr=fail no_magic_root
> >
> > and
> >
> > account  required /lib/security/pam_tally.so deny=3 no_magic_root reset
> >
> > Here is an example for /etc/pam.d/login. It will lock the account
> > after 3 failed login attempts:
> >
> > #%PAM-1.0
> > auth     required /lib/security/pam_securetty.so
> > auth     required /lib/security/pam_stack.so service=system-auth
> > auth     required /lib/security/pam_tally.so onerr=fail no_magic_root
> > auth     required /lib/security/pam_nologin.so
> > account  required /lib/security/pam_tally.so deny=3 no_magic_root reset
> > account  required /lib/security/pam_stack.so service=system-auth
> > password required /lib/security/pam_stack.so service=system-auth
> > session  required /lib/security/pam_stack.so service=system-auth
> > session  optional /lib/security/pam_console.so
> >
> > And here is an example for /etc/pam.d/sshd:
> >
> > #%PAM-1.0
> > auth     required /lib/security/pam_stack.so service=system-auth
> > auth     required /lib/security/pam_tally.so onerr=fail no_magic_root
> > auth     required /lib/security/pam_nologin.so
> > account  required /lib/security/pam_tally.so deny=5 no_magic_root reset
> > account  required /lib/security/pam_stack.so service=system-auth
> > password required /lib/security/pam_stack.so service=system-auth
> > session  required /lib/security/pam_stack.so service=system-auth
> > session  required /lib/security/pam_limits.so
> > session  optional /lib/security/pam_console.so
> >
> > To unlock the account, run:
> >
> > faillog -u <username> -r
> >
> > Werner
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.474 / Virus Database: 272 - Release Date: 18/04/2003

_______________________________________________
Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list
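
The point made in the reply above, that a pam_tally rule in pam.d/system-auth reaches every service that stacks system-auth, can be checked mechanically. The following is an added example, not code from this thread or from Linux-PAM: a Python audit that follows `pam_stack.so service=` references and reports, per service, whether failures are counted (auth) and at what `deny=` limit the account is locked (account). The sample file contents are constructed, and the service names `legacyd` and `halfd` are hypothetical.

```python
import re

# Constructed /etc/pam.d contents (not from the thread); "legacyd" and
# "halfd" are hypothetical service names used to show the failure cases.
CONFIGS = {
    "system-auth": (
        "#%PAM-1.0\n"
        "auth required /lib/security/pam_tally.so onerr=fail no_magic_root\n"
        "auth required /lib/security/pam_unix.so\n"
        "account required /lib/security/pam_tally.so deny=3 no_magic_root reset\n"
        "account required /lib/security/pam_unix.so\n"),
    "sshd": (
        "auth required /lib/security/pam_stack.so service=system-auth\n"
        "account required /lib/security/pam_stack.so service=system-auth\n"),
    "legacyd": (  # never stacks system-auth: no lockout at all
        "auth required /lib/security/pam_unix.so\n"
        "account required /lib/security/pam_unix.so\n"),
    "halfd": (    # counts failures but has no account rule with deny=
        "auth required /lib/security/pam_tally.so \\\n"
        "     onerr=fail no_magic_root\n"
        "account required /lib/security/pam_unix.so\n"),
}

# type, control (plain word or [bracketed]), module path, arguments
RULE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse(text):
    """Yield (type, module basename, args) per rule, joining backslash continuations."""
    for line in text.replace("\\\n", " ").splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if m:
            yield m.group(1), m.group(3).rsplit("/", 1)[-1], m.group(4).split()

def tally_args(service, mtype, configs, seen=()):
    """Collect pam_tally argument lists reached for one type, following pam_stack."""
    found = []
    if service in seen or service not in configs:  # loop guard / missing file
        return found
    for rtype, module, args in parse(configs[service]):
        if rtype != mtype:
            continue
        if module == "pam_tally.so":
            found.append(args)
        elif module == "pam_stack.so":
            for a in args:
                if a.startswith("service="):
                    found += tally_args(a[8:], mtype, configs, seen + (service,))
    return found

def audit(configs):
    """Map service -> (failures counted?, lowest deny= limit or None)."""
    out = {}
    for svc in configs:
        deny = [int(a[5:]) for args in tally_args(svc, "account", configs)
                for a in args if a.startswith("deny=")]
        out[svc] = (bool(tally_args(svc, "auth", configs)), min(deny) if deny else None)
    return out
```

A service is only protected when both values are set: `(True, None)` means failures are recorded but never enforced, and `(False, None)` means the service bypasses the lockout entirely.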