On Thu, Jun 26, 2008 at 01:11:46PM -0700, wc wong wrote:
> Thanks Darren.
>
> Yes, we are using PAM.
> I'll try "PermitEmptyPasswords no" to see if it can resolve the
> failure count issue.
> One more problem, I found is that when I use authentication by
> password, though the failure count incremented by one with the
> none-method, the count is reset with the success of the password
> authentication. This is not the case when I use publickey authentication,
> the count is not reset with the success of the publickey authentication.
The problem here is that pubkey authentication doesn't occur through
PAM, and I don't know a good general solution to this. (There's
no way for an application to say to PAM "this login is good, even
though PAM didn't say so").
If the module in question also implements the session part of the
stack, you could try that (add "session required pam_whatever.so")
and it may work, but it will depend on the PAM module.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
