I added your patch, recompiled, and copied the new pam_tally.so into /lib/security over the old one. It seems to find excess failures, and apparently returns PAM_AUTH_ERR, but how do you get the system to react? I see the excesses noted in /var/log/messages but no other system response: further login attempts with a good password are accepted, and the tally in /var/log/faillog is not reset after a successful login. I made these entries to /etc/pam.d/system-auth (should they be the first entries?): # login attempts: auth requisite /lib/security/$ISA/pam_tally.so onerr=fail deny=2 Account sufficient /lib/security/$ISA/pam_tally.so reset Thanks. Tom Browder SRS Technologies, Inc. 362 Beal Parkway, N.W., Suite 201 Fort Walton Beach, FL 32548-3975 Tel: 850-862-4188 Fax: 850-862-8055 > -----Original Message----- > From: Tomas Mraz [mailto:tmraz@xxxxxxxxxx] > Sent: Tuesday, December 14, 2004 12:31 PM > To: Browder, Tom > Subject: RE: Linux Fedora Core 2: Password, Login, and Pam > > On Tue, 2004-12-14 at 11:51 -0600, Browder, Tom wrote: > > Tomas, I need this functionality. I have downloaded the pam source > > (Linux-PAM-0.78.tar.gz)and want to help with this fix. Can > I get your > > patch and test it? > > > > Thanks. > > > > Tom Browder > > Here is the patch. You can test it however I plan to change it anyway. > > -- > Tomas Mraz <tmraz@xxxxxxxxxx> > _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
