[opensuse] Re: Adventures with pam_tally

Folks:

Sorry should of looked at logs before posting - while my new
confguration clears up some error messages it still doesn't work!

Turns out "reset", "no_magic_root" are no longer used and deny should
be with auth not account!


M-

.........................../etc/pam.d/login.................

sperg:/etc/pam.d # more login
#%PAM-1.0
#
auth required pam_tally.so onerr=fail deny=3 per_user magic_root
account required pam_tally.so magic_root
#
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard



---------------------------------------------------/etc/pam.d/sshd--------------------------------

#%PAM-1.0
auth required pam_tally.so onerr=fail deny=3 per_user magic_root
account required pam_tally.so magic_root
#
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session



On 5/16/07, Michael Folsom <mwfolsom@xxxxxxxxx> wrote:
Folks:

For some reason pam_tally is turning into more of a bear that I thought -

One SLES10 I added the following two lines to the beginning of /etc/pam.d/sshd:

auth required pam_tally.so onerr=fail no_magic_root
account required pam_tally.so deny=3 no_magic_root unlock_time=90 reset

all else remained the same.............(file at bottom of post)

Anyway when I test it out with faillog it records the attempts but
doesn't block after 3 tries. You can try a dozen time but when you
put in the right password it still logs you in! All I want it to do
is lock the account after 3 attempts and I can't figure out how -

Know this list is about OpenSuse but I need help - it will be appreciated!


Michael

------/etc/pam.d/sshd-----------------------------------------------------------

#%PAM-1.0
auth required pam_tally.so onerr=fail no_magic_root
account required pam_tally.so deny=3 no_magic_root reset
#
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session optional pam_resmgr.so fake_ttyname

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • Re: AW: AW: AW: Some Users get Basic Auth?
    ... We'have just created a new domain Account and voila, ... So somekind of settings in the userprofile are incorrect, so the auth box popped up. ... If i login with MY windows account, ... Where can i configer the browser, that it use only Kerberos? ...
    (comp.protocols.kerberos)
  • Re: AW: AW: AW: Some Users get Basic Auth?
    ... We'have just created a new domain Account and voila, ... So somekind of settings in the userprofile are incorrect, so the auth box popped up. ... If i login with MY windows account, ... Where can i configer the browser, that it use only Kerberos? ...
    (comp.protocols.kerberos)
  • AW: AW: AW: Some Users get Basic Auth?
    ... We'have just created a new domain Account and voila, ... So somekind of settings in the userprofile are incorrect, so the auth box popped up. ... If i login with MY windows account, ... Where can i configer the browser, that it use only Kerberos? ...
    (comp.protocols.kerberos)
  • AW: AW: AW: Some Users get Basic Auth?
    ... We'have just created a new domain Account and voila, ... So somekind of settings in the userprofile are incorrect, so the auth box popped up. ... If i login with MY windows account, ... Where can i configer the browser, that it use only Kerberos? ...
    (comp.protocols.kerberos)
  • RE: PAM auth and account with openssh
    ... login auth requisite pam_authtok_get.so.1 ... # rlogin service (explicit because of pam_rhost_auth) ... cron account required pam_unix_account.so.1 ...
    (SSH)