Howdy all,
I have a fellow engineer that is reporting

"I need help in configuring pam_tally (in Red Hat Enterprise Linux 5) to
lock non-root users out after three failed login attempts, but to always
allow root to log in regardless of the number of failed login attempts.

I was able to do this on Red Hat Linux 7.3, but I have not been
successful since the move to RHEL5.  Either all users are locked out, or
none are.

My current /etc/pam.d/login file follows.  It will lock out all users,
including root, after three failed attempts.

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       required     pam_tally.so onerr=fail deny=3 audit
auth       include      system-auth
account    required     pam_nologin.so
account    required     pam_tally.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_keyinit.so force revoke"

What might he be doing wrong?  What can we do to address this issue?

Thanks in advance for your replies.

--
----------
Doug Stewart
Senior Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs
[EMAIL PROTECTED]
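
Added example, not part of the original message: a Python script that parses a PAM stack like the one quoted above and reports, for each pam_tally rule, its deny threshold and whether either root-related option from the pam_tally man page (magic_root, even_deny_root_account) is set. SAMPLE is constructed from the auth and account lines of the posted file; the function names are hypothetical.

```python
import re

# Constructed sample: auth and account rules from the posted /etc/pam.d/login.
SAMPLE = """\
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       required     pam_tally.so onerr=fail deny=3 audit
auth       include      system-auth
account    required     pam_nologin.so
account    required     pam_tally.so
account    include      system-auth
"""
# Root-related options listed in the pam_tally man page (not in the message).
ROOT_OPTIONS = ("magic_root", "even_deny_root_account")
# Fields: type, control (keyword or [value=action ...] list), module, arguments.
RULE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Return (type, control, module, options) for every rule in a pam.d file."""
    rules = []
    # A trailing backslash continues a rule on the next line.
    for line in text.replace("\\\n", " ").splitlines():
        match = RULE_RE.match(line.split("#", 1)[0].strip())
        if not match:
            continue  # blank line, comment, or something that is not a rule
        rtype, control, module, args = match.groups()
        options = {}
        for token in args.split():
            key, _, value = token.partition("=")
            options[key] = value if value else True  # bare flags map to True
        rules.append((rtype, control, module, options))
    return rules

def tally_report(text):
    """Summarise each pam_tally rule: deny threshold and root-related options."""
    report = []
    for rtype, control, module, options in parse_stack(text):
        if module.rsplit("/", 1)[-1] != "pam_tally.so":
            continue
        deny = options.get("deny")
        report.append({"type": rtype, "control": control,
                       "deny": int(deny) if isinstance(deny, str) else None,
                       "root_options": [o for o in ROOT_OPTIONS if o in options]})
    return report

if __name__ == "__main__":
    for entry in tally_report(SAMPLE):
        print(entry)
```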
