pam_tally help
Trying to get pam_tally working to lock out users after 3 failed attempts. Here is my /etc/pam.d/login file:
auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so auth required /lib/security/pam_tally.so onerr=fail no_magic_root account required /lib/security/pam_tally.so deny=3 no_magic_root account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so The faillog file will keep a record of failed logins but after a user goes past 3 failed it doesn't lock out the user. Any idea's. Thanks |
I've got tally in both the auth and the account section. The one under account is the second account line, similar to the tally line under auth, but with the "deny=3" argument added.
|
I have it both sections also. Just found out today that I needed to add those lines into the /etc/pam.d/rlogin file sence I was trying to lock a user out who is trying to use rlogin. And it actually works now! Thanks anyways.
|
I apologize, I havent been reading your post too well, busy on the latest "Have I been attacked?" thread. I hope you're using rlogin restricted to a LAN where you can trust each and every box (and even then).
|
Quote:
|
All times are GMT -5. The time now is 04:28 PM. |