Re: Bug in pam_tally on Red Hat Enterprise Linux Server release 5.1 (Tikanga).

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2008-07-14 at 16:44 -0400, Vasudeva R wrote:
> Here is my complete configuration lines of system-auth file.
> 
> Earlier I had mentioned only tally lines alone.
> 
> Please let me know where could be the problem.
> 
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so try_first_pass
> auth        required      pam_deny.so
> 
> account     required      pam_unix.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     required      pam_permit.so
> 
> password    requisite     pam_cracklib.so minlen=7 ucredit=0
> lcredit=-1 dcredit=-1 ocredit=0 retry=3
> password    sufficient    pam_unix.so  use_authtok md5 shadow
> remember=4
> password    required      pam_deny.so
> 
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in
> crond quiet use_uid
> session     required      pam_unix.so
> 
> auth        required      pam_tally2.so onerr=fail per_user deny=3
> account     required      pam_tally2.so reset

pam_tally2 uses different file for keeping the tally counts
- /var/log/tallylog. The format is compatible between 32 and 64bit
architectures (with the same endianness only). It doesn't support the
per_user option.

And as I wrote in my previous e-mail you have to put both of the lines
before the respective auth/account pam_unix lines.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux