On 7/5/06, Randy McMurchy <[EMAIL PROTECTED]> wrote:
Please so I can understand what is going on here, tell me what I need to do *other than using PAM and LOGIN_RETRIES in login.defs* at the same time. Don't ask me to do both (which is what the original post said to do), because that is *not supported*.
I'm sorry to have rubbed you the wrong way. It seems as though the shadow package does support both methods, however. There are things I have in /etc/pam.d/login and in /etc/login.defs, and they're both respected. I respect the fact that you think the best way is to use PAM for all configuration if you're using PAM. Looking at lib/getdef.c in shadow, only some of the #define's are turned off with PAM. LOGIN_RETRIES is not one of those. If the shadow package is doing something inappropriate there, then that's unfortunate. Further, looking at src/login.c, it seems that retries will go to the default of 3 if LOGIN_RETRIES is not found in login.defs. In that case, it seems that enforcing the max retries in PAM will only work if the number is less than 3. I could very easily be wrong about this. Again, I'm not trying to say that you're wrong, only that this is the way the program seems to work. We can certainly move on. I would still encourage Vladimir to submit the patch upstream. For the way the package is written, this seems to be bug. -- Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
