Re: pam/sshd question: allowing a user to try logging in more than once
Oops...I figure I should include my "common-auth" file too, as well as
mention that I authenticate against LDAP:
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth required pam_env.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so use_first_pass
auth required pam_deny.so
Jeremy
Jeremy Brown wrote:
The subject line is fairly self-explanatory. Currently users who
connect to my debian testing machine at work are prompted for their
username, then their password only once. If a user enters a bad
password, he or she is kicked out immediately and must open a new ssh
connection in order to try again.
I would prefer it if a user were prompted for his or her password up
to 3 times before the SSH connection terminates.
I don't completely understand the nuances of PAM, so I'm not sure if
this feature--asking for the password multiple times if incorrect--is
something that PAM handles or if it's something that OpenSSH handles
itself. Nevertheless, I've seen it done on other UNIX/Linux machines,
so I know it can be done.
Here's my libpam0g and openssh version information:
Package: libpam0g
Version: 0.76-22
Package: ssh
Version: 1:3.8.1p1-8.sarge.2
Any help would be greatly appreciated.
Thanks,
Jeremy Brown
jeremy@brownjava.org
Reply to: