On Fri, Nov 12, 2004 at 01:52:15PM +0000, Billy Snider wrote: > Has anyone had problems getting login failures to register with Fedora > Core 3? I am trying to "telnet" into the system and get a failure to > register. > > Here is my "login" file: > > #%PAM-1.0 > auth required pam_securetty.so > auth required pam_stack.so service=system-auth > auth required /lib/security/pam_tally.so deny=5 onerr=fail > no_magic_root > auth required pam_nologin.so > account required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth [snip] > Failures do register in the "/var/log/messages" but not > "/var/log/faillog". > > It acts as if "telnet" doesn't even use the "login" configuration file > within "/etc/pam.d". > > >From a previous posting "ssh" logins register failures just fine with > the following in the "sshd" file: > > auth required pam_stack.so service=system-auth > auth required pam_nologin.so > auth required pam_tally.so no_magic_root > account required pam_tally.so deny=3 no_magic_root per_user > account required pam_stack.so service=system-auth [snip] In the configuration file for "login", you're passing the "deny=" flag to pam_tally when used as an "auth" module, while in "sshd", the "deny=" flag is being correctly passed to pam_tally being used as an "account" module. You also don't seem to be calling pam_tally as an "account" module in the "login" configuration file. HTH, Nalin _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
