Hi All, I have three authentication modules -- pam_radius_auth.so (for remote authentication) -- pam_unix ( unix local authentication) -- pam_opie (challenge/response) and other accounting modules such as pam_abl, which does user lockout/iplocking. I would like to choose a better authentication for access to my service: These are my requirements/clarifications: -- An intruder should not know how his authentication has failed(due to user locking or IP address locking or wrong passwd for remote authenticaon or for local authenticaion ), but only SecurityAdmin can see them in logs. Intruder just gets error as LOGIN failed. -- While logging to the service, should i allow user to specify authentication type such as challenge-response or local, if Radius servers are not reachable. Will this cause any kind of break in secure authentication process or does ti contrast with above. I am thinking of this to help legitimate users to get logged into the service I am kind of lost here, Can anyone please advise the better approach her. Many Thanks _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list