Hmmmmmmm.....
I see what you are saying about it being
an 'auth' option, not for account.
I'm going to work on this some more, on my
own and see what I can come up with.
Would like to further collaborate with you
regarding this, share lessons learned, etc....
R,
-Joe Wulf, CISSP, USN(RET)
Senior IA Engineer
ProSync Technology Group, LLC
www.prosync.com
From:
pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Monu Agrawal
Sent: Monday, June 16, 2008 15:14
To: pam-list@xxxxxxxxxx
Subject: RE: pam_tally: unknown
option
Thanks Joe, but as per documents, deny and unlock_time are auth options, not
thee account options. When I changed the config as you mentioned:
account
required pam_tally.so deny=2
the error "unknown option deny" stopped coming but it didn't make any
difference in the time it waits after wrong passwd, even if I make it 20. The
version, I can't change because of some dependency reasons.
---------- Forwarded message ----------
From: "Joe_Wulf" <Joe_Wulf@xxxxxxxxx>
To: "'Pluggable Authentication Modules'" <pam-list@xxxxxxxxxx>
Date: Mon, 16 Jun 2008 08:37:29 -0400
Subject: RE: pam_tally: unknown option
I've played with PAM
some, and am learning more all the time. One resource I turn to pretty
frequently is the PAM documentation found at kernel.org/pub/linux/libs/pam.
>From what I've learned along the way, I think your "auth" line isn't
the right place for the "deny" option, and that would be why you get
the errors you do.
What works for me is to
have the deny option be on the "account" line, as follows:
account
required /lib/security/$ISA/pam_tally.so deny=2
Secondly, I'd recommend upgrading to a
newer version of PAM, ..77 is quite outdated. You'll probably have much
greater success with a newer release.
Good luck!
R,
-Joe Wulf, CISSP, USN(RET)
Senior IA Engineer
ProSync Technology Group, LLC
www.prosync.com
Hi,
I am using pam-0.77-65.1. The problem I am getting with it is, I am not able to
set deny and unlock_time options.
My file looks like following:
#%PAM-1.0
auth required
pam_stack.so service=system-auth
auth required
pam_nologin.so
auth required
pam_tally.so deny=3 unlock_time=600
account required pam_tally.so
account required pam_stack.so
service=system-auth
password required pam_stack.so
service=system-auth
session required pam_stack.so
service=system-auth
I am getting the following error messages on /var/log/messages
Jun 16 17:05:32 ssc-216 pam_tally[26272]: pam_tally: unknown option; deny=3
Jun 16 17:05:32 ssc-216 pam_tally[26272]: pam_tally: unknown option;
unlock_time=600
Are these options available on the this particular version? Can anybody tell me
what is wrong with the above config?
--
The things we know best are
the things we haven't been taught.
'Make Your Own Way'
Monu Agrawal
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
--
The things we know best are
the things we haven't been taught.
'Make Your Own Way'
Monu Agrawal
