I've tested it again. With "deny=2" I can do two failed logons, but if the third attempt is correct then I log in and the faillog entry is removed. Which in effect gives me three logon attempts. Well, never mind - it does what I want it to do, so everyone's happy. Thanks very much to Bill for the advise! Johan -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bill Tangren Sent: 09 August 2007 13:56 To: General Red Hat Linux discussion list Subject: Re: ftp/sftp user account lockout threshold Johan Booysen wrote: > I've finally gotten round to implementing the pam_tally module. It > does seem to do the trick, but I've noticed that using the following > line actually allows for 4 logon attempts: > > account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root > reset > > Is that how it's supposed to work? > > Thanks! > > Johan No. This means three failed login attempts, and you're locked out. You don't get a fourth try. I just tested it. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
