I can't get password-based failures to be recorded using pam_tally.
Anyone have any PAM/sshd insight?

Here's my /etc/pam.d/sshd:

#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_tally.so
auth       required     pam_nologin.so
account    required     pam_tally.so deny=3
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

/var/log/faillog is never written to when a failed password-based
login attempt occurs.

# ls -l /var/log/faillog
-rw-r----- 1 root root 12312 Oct 16 10:31 /var/log/faillog

I tried restarting sshd, but no luck. Nothing helpful about why these
attempts are not recorded.

I'm running Fedora Core 1 with openssh-server-3.6.1p2-19.

Do I need PAMAuthenticationViaKbdInt or UseLogin or something else set
in /etc/ssh/sshd_config? I don't want to mess with these without
understanding their purpose.

I did get pam_tally to work with 'su' by modifying /etc/pam.d/su in a
similar way.

Anyone know why /etc/pam.d/su uses the following format for specifying
the location of a PAM module?

auth       required     /lib/security/$ISA/pam_tally.so

From what I can tell, /lib/security/ is the default location searched
for modules, so this seems unnecessary.

-- 
Adam Monsen <adamm@xxxxxxxxxxxxx>
http://adammonsen.com/