Johan Booysen wrote:
Hi,
Thanks for your reply.
I find using pam modules a bit confusing at the moment. Does anyone
know of a good example on how to use pam_tally in this way?
Thanks.
Johan
Add these lines to /etc/pam.d/system-auth
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset
Next, make a faillog:
# touch /var/log/faillog
Also, make sure /etc/pam.d/xscreensaver does not call system-auth, or you will
not be able to unlock your screensaver. This is because xscreensaver doesn't
have the rights to write to the faillog. I copied the contents of system-auth
and put it in xscreensaver, and then I removed the pam_tally lines. Overkill
probably, but it works for me.
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bill Tangren
Sent: 23 July 2007 16:09
To: General Red Hat Linux discussion list
Subject: Re: ftp/sftp user account lockout threshold
Johan Booysen wrote:
Dear all,
Does anyone know if it's possible to set up a vsftpd and/or sftp
server so that (for example) after 3 unsuccessful logon attempts, a
user's account is locked out or disabled?
I've done a bit of quick googling on this issue, but have come up
empty so far.
Thanks very much.
Johan
pam can use pam_tally to do this.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
