LinuxQuestions.org


Rig24 07-17-2003 10:57 AM

pam_tally help
 
Trying to get pam_tally working to lock out users after 3 failed attempts. Here is my /etc/pam.d/login file:

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_tally.so deny=3 no_magic_root
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so

The faillog file will keep a record of failed logins, but after a user goes past 3 failed attempts it doesn't lock out the user. Any ideas?

Thanks

unSpawn 07-18-2003 08:27 AM

I've got tally in both the auth and the account section. The one under account is the second account line, similar to the tally line under auth, but with the "deny=3" argument added.

Rig24 07-18-2003 08:35 AM

I have it in both sections also. Just found out today that I needed to add those lines into the /etc/pam.d/rlogin file since I was trying to lock out a user who is trying to use rlogin. And it actually works now! Thanks anyways.
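
Added example, not part of the original posts: a shell script that reports which service files under a PAM directory carry the pam_tally lines discussed in this thread, since the fix turned out to be that /etc/pam.d/rlogin lacked them. The function names, report format and sample files are constructed for illustration; it assumes plain control keywords such as "required" and does not follow pam_stack.so references into other files.

```shell
#!/bin/sh
# Report pam_tally coverage for every service file in a PAM directory.
# Output, one line per service: "<service> auth=<yes|no> account_deny=<n|none>"
# Assumption: the control field is a single word (required, optional, ...),
# and tally lines inherited through pam_stack.so are NOT followed.
check_tally_coverage() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v svc="$(basename "$f")" '
            /^[ \t]*#/ { next }                      # skip comment lines
            $3 ~ /pam_tally\.so$/ {
                if ($1 == "auth") auth = "yes"       # counter is incremented here
                if ($1 == "account")
                    for (i = 4; i <= NF; i++)        # look for deny=<n> on the account line
                        if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6)
            }
            END {
                printf "%s auth=%s account_deny=%s\n", svc,
                       (auth != "" ? auth : "no"), (deny != "" ? deny : "none")
            }' "$f"
    done
}

# Names of services where a failed login is not counted or never denied.
unprotected_services() {
    check_tally_coverage "$1" |
        awk '$2 == "auth=no" || $3 == "account_deny=none" { print $1 }'
}

# Constructed sample: "login" has the thread's tally lines, "rlogin" does not.
make_demo_dir() {
    demo=$(mktemp -d)
    cat > "$demo/login" <<'EOF'
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_tally.so deny=3 no_magic_root
EOF
    cat > "$demo/rlogin" <<'EOF'
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
EOF
    echo "$demo"
}

d=$(make_demo_dir)
check_tally_coverage "$d"     # per-service report
unprotected_services "$d"     # services still missing the lockout lines
rm -rf "$d"
```

Run `unprotected_services /etc/pam.d` on a real host to list the login paths that would still bypass the lockout.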

unSpawn 07-18-2003 11:42 AM

I apologize, I haven't been reading your post too well, busy on the latest "Have I been attacked?" thread. I hope you're using rlogin restricted to a LAN where you can trust each and every box (and even then).

kskkumar 05-29-2007 04:11 AM

Quote:

Originally Posted by Rig24
Trying to get pam_tally working to lock out users after 3 failed attempts. Here is my /etc/pam.d/login file:

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_tally.so deny=3 no_magic_root
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so

The faillog file will keep a record of failed logins, but after a user goes past 3 failed attempts it doesn't lock out the user. Any ideas?

Thanks

Try adding the per_user option in the account required line.

