Asif Iqbal wrote:
> Hi All
> I am planning to use pam_tally for console login to the server. Now I'd like to use it only for the root account and no other user. In other words, only for the root account allow 3 tries and then lock it out until someone manually resets it. We have system admin users who have full sudo access to do that. Users do not need to be tallied because they all use SecurID for authentication, which has been set up to lock the account after 3 failed tries.
> Is that possible or should I look for a different solution?
<plug>pam_abl would most likely do the trick</plug>
That will automatically block different accounts based on a flexible set of rules. It can also block based on the incoming host/ip so that if you got a lot of hits from one host that host will be blacklisted without affecting any others.
http://www.hexten.net/sw/pam_abl/index.mhtml
-- Andy Armstrong, hexten.net
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list