On Mon, Jan 24, Asif Iqbal wrote: > Hi All > > I am planning to use pam_tally for console login to the server. Now I > like use it only for root account and no other user. In other words only > for root account allow 3 try and then lock it out until someone manually > reset it. We have system admin users who have full sudo access to do > that. User's do not need to be tallied becasue they all use SecurID for > authentication which has been setup to lock account after 3 fail tries. > > Is that possible or should I look for a different solution? It should be possible, if you use the per_user setting and aonly set a limit with faillog -m. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx SuSE Linux Products GmbH Maxfeldstr. 5 D-90409 Nuernberg -------------------------------------------------------------------- Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
