pam_tally with sshd: ssh password-based failures not tally'd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I can't get password-based failures to be recorded using pam_tally.
Anyone have any PAM/sshd insight? Here's my /etc/pam.d/sshd:

#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_tally.so
auth       required     pam_nologin.so
account    required     pam_tally.so deny=3
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

/var/log/faillog is never written to when a failed password-based
login attempt occurs.

# ls -l /var/log/faillog
-rw-r-----  1 root root 12312 Oct 16 10:31 /var/log/faillog

I tried restarting sshd, but no luck. Nothing helpful about why these
attempts are not recorded. I'm running Fedora Core 1 with
openssh-server-3.6.1p2-19.

Do I need PAMAuthenticationViaKbdInt or UseLogin or something else set
in /etc/ssh/sshd_config? I don't want to mess with these without
understanding their purpose.

I did get pam_tally to work with 'su' by modifying /etc/pam.d/su in a
similar way. Anyone know why /etc/pam.d/su uses the following format
for specifying the location of a PAM module?
auth       required     /lib/security/$ISA/pam_tally.so

>From what I can tell, /lib/security/ is the default location searched
for modules, so this seems unnecessary.

-- 
Adam Monsen <adamm@xxxxxxxxxxxxx>
http://adammonsen.com/

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux