Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
03-01-2005, 10:40 AM
|
#1
|
LQ Newbie
Registered: Feb 2005
Location: Huntsville, Alabama
Posts: 2
Rep:
|
Successful login from locked screen causes pam_tally to increment. Why?
Hi, everyone. I am a System Administrator with Lockheed Martin in
Huntsville, Alabama and I am seeing something strange that has me and
a couple of my coworkers perplexed.
We are running Red Hat 9.0 on a 24-node cluster. Two of the programmers
in this particular lab were complaining that they were constantly getting
locked out of their accounts. Long story short, it would seem that these
two people lock their screens quite a bit and even though they get logged
in successfully from their locked screens, pam_tally increments its counter
which, if I am correct, indicated an UNSUCCESSFUL login attempt. After
several of times of locking/unlocking their screens, they get completely
locked out of their accounts. We have "fixed" this problem with a cron
job that runs every 15 minutes and unlocks all locked accounts but I am
not too comfortable with this.
In addition to the above problem, it seems when root simply logs in,
pam_tally increments root's counter; locking/unlocking the screen does
not increment pam_tally's counter.
I have done several online searches and can find plenty of posts from
people wanting to know why pam_tally *isn't* incrementing, but it looks
like our pam_tally increments when it isn't supposed to increment.
Any help would be greatly appreciated.
Thanks,
-Mark Zmyewski
Huntsville, Alabama
|
|
|
03-01-2005, 11:35 PM
|
#2
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
What version of pam are you running? Did you make any modifications to /etc/pam.d/xscreensaver?
|
|
|
03-03-2005, 10:25 AM
|
#3
|
LQ Newbie
Registered: Feb 2005
Location: Huntsville, Alabama
Posts: 2
Original Poster
Rep:
|
I am not a Red Hat expert, but it looks like we have pam-devel-0.75-48
We have not made any changes to xscreensaver, but we have made changes to /etc/login.defs and
/etc/pam.d/system-auth.
In /etc/login.defs, we made the following changes:
PASS_MAX_DAYS 365
PASS_MIN_DAYS 1
PASS_MIN_LEN 8
PASS_WARN_AGE 7
I don't see how that makes any difference, but I thought I'd let you know about it.
In /etc/pam.d/system-auth, we added:
password required /lib/security/$ISA/pam_cracklib.so minlen=8 retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0
Does this help?
-Mark
|
|
|
All times are GMT -5. The time now is 10:26 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|