Re: Authentication problems with pam_tally2 and Ansible

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


The explanation seems to be that pam_tally2 records a failed login when login command is started, even before a password is entered. Normally, the failed logins counter is reset when the user enters the correct password.

For login this works correctly when the following line is added in pam config (common-auth):

auth  required  file=/var/log/tallylog deny=5 even_deny_root unlock_time=1200 serialize

However, when using sudo, the counter only gets reset when the following line is added to pam configuration (common-account):

account        required

Why is the behaviour different for login and sudo?
Is this a bug?

I think this is a bit confusing and it might be good to explain it in more detail on the man page (and the examples section).

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux