On 02 Apr 2007 13:09:07 +0200, Joakim Karlsson <[EMAIL PROTECTED]> wrote:
Joakim Karlsson <[EMAIL PROTECTED]> writes:> Hi > > We use pam_tally to lock accounts after 3 failed logins in a row. > > In rhel3 the following rules works in pam.d/system-auth > > auth required pam_tally.so deny=2 > account required pam_tally.so reset > > With the same rules in rhel5 we get a working faillog which we can > view with the pam_tally-command, and the counter is reset upon > succeded login, but the rules fails to lock-out users when the faillog > for the user exceeds 2. > > Anyone else here who uses pam_tally and have any experience in getting > it to work in rhel5? > > Is this a bug in pam_tally, or is it in our configuration? > > (I haven't succeded in finding any hints in the manpages or > pam-documentation sugesting a changed behaviour for the tally > funcations.) Problem solved. The bug was behind the keyboard. Seems like pam has become a little bit more strict regarding what, how and in what order you put in your config-file. /Joakim
Could you post a working config? And are you seeing problems with pam_tally and screensaver. There was an issue a while back that you could lock yourself out with pam_tally on KDE/screensaver/etc that were running as a user and not root. I thought it couldnt be worked around without something like a helper app utempter was built. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
