[opensuse] Re: Adventures with pam_tally

Michael Folsom Wed, 16 May 2007 14:21:08 -0700

Folks:

Sorry should of looked at logs before posting - while my new
confguration clears up some error messages it still doesn't work!


Turns out "reset", "no_magic_root" are no longer used and deny should
be with auth not account!


M-

.........................../etc/pam.d/login.................

sperg:/etc/pam.d # more login
#%PAM-1.0
#
auth    required        pam_tally.so onerr=fail deny=3 per_user magic_root
account required        pam_tally.so magic_root
#
auth     required       pam_securetty.so
auth     include        common-auth
auth     required       pam_nologin.so
account  include        common-account
password include        common-password
session  include        common-session
session  required       pam_lastlog.so nowtmp
session  required       pam_resmgr.so
session  optional       pam_mail.so standard



---------------------------------------------------/etc/pam.d/sshd--------------------------------

#%PAM-1.0
auth    required        pam_tally.so onerr=fail deny=3 per_user magic_root
account required        pam_tally.so magic_root
#
auth     include        common-auth
auth     required       pam_nologin.so
account  include        common-account
password include        common-password
session  include        common-session



On 5/16/07, Michael Folsom <[EMAIL PROTECTED]> wrote:

Folks:

For some reason pam_tally is turning into more of a bear that I thought -

One SLES10 I added the following two lines to the beginning of /etc/pam.d/sshd:

auth      required      pam_tally.so onerr=fail no_magic_root
account required      pam_tally.so deny=3 no_magic_root unlock_time=90 reset

all else remained the same.............(file at bottom of post)

Anyway when I test it out with faillog it records the attempts but
doesn't block after 3 tries.  You can try a dozen time but when you
put in the right password it still logs you in!  All I want it to do
is lock the account after 3 attempts and I can't figure out how -

Know this list is about OpenSuse but I need help - it will be appreciated!


Michael

------/etc/pam.d/sshd-----------------------------------------------------------

#%PAM-1.0
auth    required        pam_tally.so onerr=fail no_magic_root
account required        pam_tally.so deny=3 no_magic_root reset
#
auth     include        common-auth
auth     required       pam_nologin.so
account  include        common-account
password include        common-password
session  include        common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session  optional      pam_resmgr.so fake_ttyname

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[opensuse] Re: Adventures with pam_tally

Reply via email to