|
I am urgently trying to get PAM working for a
customer (RH 7.1, PAM 0.77) that is about to undergo a security audit. I
need password expiration, minimum password length, no reuse of passwords,
lockout of users after three unsuccessful attempts to login, one session only
for users. I have the one session part working
(/etc/security/limits.conf), but nothing else will. I am using
pam_cracklib.so, pam_pwdb.so for the password part. I am using
pam_tally.so for the login part. It just ignores me. I did manage to
get a user locked out by substituting pam.conf for pam.d, but then I could not
get the user unlocked. If I run pam_tally --user<username> it always
returns a 0 for unsuccessful attempts no matter how many there are. I know
this stuff must work, but I am having a hell of a time figuring it out.
HELP!
|
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
