On Sun, 2006-03-05 at 01:29 -0500, Stewart Adam wrote:
> Hello,
> I'm completely confused, maybe it's a bug.
> http://www.fedoraforum.org/forum/showthread.php?t=97416
> I've started a thread there on FedoraForum with more info, but basically
> this is my situation:
> - /etc/pam.d/sshd file:
> -- start --
> #%PAM-1.0
> auth include system-auth
> auth required pam_tally.so onerr=fail deny=3

Move pam_tally.so before the include.

> account required pam_nologin.so
> account include system-auth
> account required pam_tally.so

The same thing here.

> password include system-auth
> session include system-auth
> session required pam_loginuid.so
> -- end --
> - I do have pam enabled in my sshd_config file.
> - I only want pam_tally for my ssh server, so that's why it's only in sshd
> and non system authentication.
>
> Here's the problem:
> --> I reset my counter just in case
> --> I do 5 bad SSH logins, even though my counter is 3 just to make sure
> --> I run "pam_tally --user admin" and it shows my 5 bad attempts
> --> My system logs show pam_tally is recording my bad attempts
> --> If I type the right password it still lets me log in
> In FC5T3 there's an additional "pam_tally2" module. Should I be using this
> one? I tried using that one with the same options and it still has no effect
> but the same results.

pam_tally2 uses a different data file because pam_tally's one isn't
compatible between 32-bit and 64-bit architectures. It also has slightly
different features - read the documentation
(/usr/share/doc/pam.../txts/README.pam_tally2).

--
Tomas Mraz <tmraz@xxxxxxxxxx>

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
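
A small linter for the ordering fix given in the reply above, added here as an example (not code from the thread or from the PAM project): it flags a pam_tally or pam_tally2 rule that sits after an `include` of the same type. The function names and the second sample file (`MOVED`, built by applying the reply's advice) are assumptions made for the illustration.

```python
TALLY = {"pam_tally.so", "pam_tally2.so"}

def parse_pam(text):
    """Return (lineno, type, control, module) for every rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drops comments and the #%PAM header
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        mtype, rest = parts[0].lstrip("-").lower(), parts[1]
        if rest.startswith("["):               # bracketed control, e.g. [success=1 default=ignore]
            control, _, rest = rest.partition("]")
            control += "]"
        else:
            pieces = rest.split(None, 1)
            control, rest = pieces[0], (pieces[1] if len(pieces) > 1 else "")
        args = rest.split()
        module = args[0].rsplit("/", 1)[-1] if args else ""   # accept full module paths
        rules.append((lineno, mtype, control.lower(), module))
    return rules

def find_late_tally(text):
    """Return (tally_line, type, module, include_line) for tally rules after an include."""
    first_include, findings = {}, []
    for lineno, mtype, control, module in parse_pam(text):
        if control == "include":
            first_include.setdefault(mtype, lineno)
        elif module in TALLY and mtype in first_include:
            findings.append((lineno, mtype, module, first_include[mtype]))
    return findings

# The sshd file as posted in the thread.
POSTED = """#%PAM-1.0
auth include system-auth
auth required pam_tally.so onerr=fail deny=3
account required pam_nologin.so
account include system-auth
account required pam_tally.so
"""
# Constructed: the same rules with pam_tally.so moved before each include.
MOVED = """#%PAM-1.0
auth required pam_tally.so onerr=fail deny=3
auth include system-auth
account required pam_nologin.so
account required pam_tally.so
account include system-auth
"""

if __name__ == "__main__":
    for line, mtype, module, inc in find_late_tally(POSTED):
        print(f"line {line}: {mtype} {module} comes after the include on line {inc}")
```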