The module is complete and working now. It successfully rejects auth attempts from hosts that are responsible for excessive authentication failures according to a configurable set of rules.
Incidentally I assume this is what people are using for their attacks: http://packetstormsecurity.nl/filedesc/hydra-4.5-src.tar.html
Its signature in terms of the timing of login attempts is the same as the real attacks I've been seeing. It's also quite useful for stress testing pam_abl :)
-- Andy Armstrong
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list