exclude certain users from pam_tally2
Hi All,
I am in the middle of testing and am trying to fix an issue.
I have RHEL 6.4 and I am trying to exclude certain users from pam_tally2,
like jboos420; this is a service account, so that type of user should not be locked. Below is my config; please suggest.
As the log below shows, the user is locked after 5 failed attempts; I want the user "test" to be exempted from that setting.
[root@test1 ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#
# NOTE(review): the exemption below only affects services whose own
# /etc/pam.d/<service> file pulls in system-auth. The sshd log lines on this
# page are tagged pam_tally2(sshd:auth) and still count user "test", so sshd
# is presumably evaluating a different stack (password-auth on a stock
# RHEL 6 install) -- verify with /etc/pam.d/sshd.
#
# ---- auth ----
# Exemption: pam_succeed_if succeeds when the login name is in the
# colon-separated list after "user in" (only "test" here). success=1 then
# jumps over the next one module (pam_tally2); default=ignore keeps any other
# result out of the stack, so all other users fall through to pam_tally2.
# NOTE(review): an exempted account has no failed-login limit at all in this
# stack, so its password can be guessed without throttling. For a service
# account, consider removing password login for it (locked password,
# key-only SSH) rather than only exempting it from lockout.
auth [success=1 default=ignore] pam_succeed_if.so user in test
# Counts failed logins per user: access is denied once the tally exceeds
# deny=5 and allowed again unlock_time=36000 seconds (10 hours) after the
# last failure. onerr=fail makes a module error count as a failure.
# NOTE(review): no_magic_root is a pam_tally option; pam_tally2(8) documents
# magic_root instead -- confirm this argument is not just being ignored.
auth required pam_tally2.so deny=5 no_magic_root onerr=fail unlock_time=36000 audit
auth required pam_env.so
# NOTE(review): nullok lets accounts with an empty password authenticate;
# drop it unless blank passwords are intended.
auth sufficient pam_unix.so nullok try_first_pass
# Reached only when pam_unix did not succeed: stop here for uid < 500,
# otherwise fall through to pam_deny, which always fails.
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
# ---- account ----
# There is no account-phase pam_tally2 line in this file (password-auth on
# this page has one).
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
# ---- password ----
# Complexity: minimum length 8; each *credit=-1 requires at least one
# character of that class (lower, upper, digit, other).
password requisite pam_cracklib.so try_first_pass retry=5 type= minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
# remember=5 keeps the last five passwords to block reuse.
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
password required pam_deny.so
# ---- session ----
session optional pam_keyinit.so revoke
session required pam_limits.so
# success=1 skips the pam_unix session line when the service is crond.
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
~
~
~
~
~
[root@test1 ~]# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#
# ---- auth ----
# NOTE(review): pam_tally2 is the first auth module here and nothing in front
# of it skips it, so every user -- including "test" -- is counted by any
# service that uses this stack. The log on this page shows
# pam_tally2(sshd:auth) counting user test, which matches sshd evaluating
# this file rather than system-auth (presumably via an include in
# /etc/pam.d/sshd -- verify). An exemption has to sit directly above this
# line in whichever stack the service really uses.
# NOTE(review): there is no unlock_time here; per pam_tally2(8) an account
# that exceeds deny=5 then stays locked until an administrator resets the
# tally.
auth required pam_tally2.so deny=5
auth required pam_env.so
# NOTE(review): nullok lets accounts with an empty password authenticate;
# drop it unless blank passwords are intended.
auth sufficient pam_unix.so nullok try_first_pass
# Reached only when pam_unix did not succeed: stop here for uid < 500,
# otherwise fall through to pam_deny, which always fails.
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
# ---- account ----
# Account-phase pam_tally2: per pam_tally2(8) this resets the user's failure
# counter once a login gets this far.
account required pam_tally2.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
# ---- password ----
# Unlike the system-auth listing on this page, no minlen/*credit arguments
# and no remember= are set here, so password changes through this stack get
# only the module defaults.
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
# ---- session ----
session optional pam_keyinit.so revoke
session required pam_limits.so
# success=1 skips the pam_unix session line when the service is crond.
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[root@test1 ~]#
Nov 8 08:00:32 test1 sshd[1486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.56.1 user=test
Nov 8 08:00:34 test1 sshd[1486]: Failed password for test from 192.168.56.1 port 53800 ssh2
Nov 8 08:00:36 test1 sshd[1486]: pam_tally2(sshd:auth): user test (501) tally 8, deny 5
Nov 8 08:00:38 test1 sshd[1486]: Failed password for test from 192.168.56.1 port 53800 ssh2
Nov 8 08:00:40 test1 sshd[1486]: pam_tally2(sshd:auth): user test (501) tally 9, deny 5
Nov 8 08:00:42 test1 sshd[1486]: Failed password for test from 192.168.56.1 port 53800 ssh2
Nov 8 08:00:43 test1 sshd[1486]: pam_tally2(sshd:auth): user test (501) tally 10, deny 5
Nov 8 08:00:45 test1 sshd[1486]: Failed password for test from 192.168.56.1 port 53800 ssh2
Nov 8 08:00:46 test1 sshd[1486]: pam_tally2(sshd:auth): user test (501) tally 11, deny 5
Nov 8 08:00:48 test1 sshd[1486]: Failed password for test from 192.168.56.1 port 53800 ssh2
Nov 8 08:00:53 test1 sshd[1487]: Disconnecting: Too many authentication failures for test
Nov 8 08:00:53 test1 sshd[1486]: Failed password for test from 192.168.56.1 port 53800 ssh2
Nov 8 08:00:53 test1 sshd[1486]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.56.1 user=test
Nov 8 08:00:53 test1 sshd[1486]: PAM service(sshd) ignoring max retries; 5 > 3
[root@test1 ~]# pam_tally2 -u test
Login Failures Latest failure From
test 11 11/08/13 08:00:46 192.168.56.1
[root@test1 ~]#
Regards
pant
Last edited by pantdk; 11-07-2013 at 08:41 PM.