Hello Tildeslash, I start using monit with PAM support enabled, this works well as long as I start monit in the system context, with uid 0. With all Linux systems are using "pam_tally2", I got a problem, because the user will be locked after some successful logons.
With a short look to the monit util.c file it seems to me, only "pam_start", "pam_authenticate" and "pam_end" is used. But "pam_acct_mgmt" is not used, the counter used by "pam_tally2" are not reset in the "account" facility therefore. Is this a bug, any reason the "auth" facility is used only and the "account" is not used. Thanks for any help, Lutz p.s. See https://www.novell.com/support/kb/doc.php?id=7011883 The used PAM common-auth file contain auth required pam_env.so auth required pam_unix2.so auth required pam_tally2.so file=/var/log/tallylog deny=3 With a monit specific PAM file everything works well (see below), but "auth" will be used only and "pam_tally" can't used. # monit: auth account password session auth sufficient pam_unix2.so auth required pam_deny.so account required pam_permit.so password required pam_deny.so session required pam_permit.so -- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
