Authentication problems with pam_tally2 and Ansible

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I'm having some issues using the pam_tally2 module with Ansible and I'd like to make sure my PAM configuration is correct.
I've configured pam_tally2 by adding the following line in /etc/pam.d/common-auth:

auth  required file=/var/log/tallylog  deny=5  even_deny_root  unlock_time=1200

Is this line correct and in the right place? Is there some other configuration I should add?

This seems to be working ok with interactive sessions, but I'm experiencing strange authentication problems with Ansible. I've an Ansible playbook that basically runs the chage command for a bunch of users in a loop with sudo. Some of the commands get correctly executed but playbook execution gets aborted due to "Incorrect sudo password". Also, pam_tally2 reports multiple login failures for the user running the script. Since some of the chage commands succeed the sudo password must have been correctly typed.

Can this be caused by a flawed pam_tally2 configuration?
This is on Ubuntu 16.04.

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux