Okay I took the line out of the pam.d/gdm and it's in system-auth right before pam_unix.so. I can lock my screen and come back in with no problem, and a tail on the /var/log/secure file prints out the debug basically writing out the contents of the pam_abl.conf file, then "PAM_RHOST is NULL", and "Checking user skbemis", and finally "In Cleanup, err is 20000000". When I try to login with a new sunray session, I still get "Authentication Failed" and cannot login, and there is no debug in the /var/log/secure file indicating where the problem is. When I remove the line from the system-auth file, everything works normally.
Yes, I created the /var/lib/abl directory, and it is empty and remains empty even with the failed login attempts. And when I run the pam_abl command with the config file I get the contents of the pam_abl.conf file and the last two lines state "Failed users:" (blank), and "Failed hosts:" (blank). Perhaps I need to move this topic to another users group. I was just hoping someone in the SunRay users community would have either used pam_abl or have another method to blacklist. Thanks > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of ottomeister > Sent: Monday, June 04, 2007 9:16 PM > To: SunRay-Users mailing list > Subject: Re: [SunRay-Users] Blacklisting users after several > failed login attempts > > On 6/4/07, Bemis, Suzanna K <[EMAIL PROTECTED]> wrote: > > I'm trying to use pam_abl right now and even a correct password is > > getting an "Authentication Failed" on a login attempt from > the sunray. > > > > I'm not exactly sure in which pam module to insert the > following line: > > "auth required /lib/security/pam_abl.so > > config=/etc/security/pam_abl.conf" > > So, I've put it in both the gdm and system-auth files in > /etc/pam.d ... > > I've never used pam_abl but based on reading its > documentation you should put that line into > pam.d/system-auth, immediately above the > > auth sufficient /lib/security/$ISA/pam_unix.so ... > > line. The pam.d/gdm file executes the 'system-auth auth' > stack by using the pam_stack module so if you put pam_abl > into both places it will be executed twice. > That probably means that it will count each login attempt twice. > > > ... and I > > get "Authentication Failed" on all login attempts with a > correct password. > > The pam_abl.conf file is the default one I got with the source. > > Did you create the directory /var/lib/abl where the config > file tells the pam_abl module to place its user_db and > host_db databases? > > What does the pam_abl command show when you run it with this > config file? > > OttoM. > __ > ottomeister > > Disclaimer: These are my opinions. I do not speak for my employer. > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://node1.filibeto.org/mailman/listinfo/sunray-users > > _______________________________________________ SunRay-Users mailing list [email protected] http://node1.filibeto.org/mailman/listinfo/sunray-users
