Hello,
I am trying to setup PAM on CentOS 5.6 to accomplish the following -
- help enforce password strength
- control account locking
- print out to SSH users how many unsuccessful logins they have had since their last login
Following is my /etc/pam.d/cs-auth file that I modified to achieve the above -
Code:
#%PAM-1.0
auth required pam_env.so
auth required pam_tally2.so deny=5 onerr=fail unlock_time=900
auth sufficient pam_unix.so try_first_pass
auth required pam_deny.so
account required pam_access.so
account required pam_tally2.so
password required pam_cracklib.so retry=3 minlen=5 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
password sufficient pam_unix.so use_authtok md5 remember=4
password required pam_deny.so
session optional pam_lastlog.so showfailed nowtmp
session required pam_limits.so
The account locking after 5 attempts, unlocking after 900 seconds works fine. The issue I am facing is number of unsuccessful login attempts is not working.
Am I missing some piece of configuration? I don't have a choice of installing any additional software for this, have to make it work with PAM.
Thanks
Bhushan