
[pam_tally problem]

hi everyone,

i want to configure pam_tally in order to lock out users who entered invalid
login credentials for a specific number of attempts. but somehow it doesn't
work. please find my config file for ssh below:

# PAM configuration for the Secure Shell service

# Disallow non-root logins when /etc/nologin exists.
auth       required     pam_nologin.so

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth       required     pam_env.so # [1]

# Standard Un*x authentication.
@include common-auth
auth required pam_tally.so onerr=fail no_magic_root

# Standard Un*x authorization.
@include common-account
account required pam_tally.so onerr=fail deny=3 reset unlock_time=120

# Standard Un*x session setup and teardown.
@include common-session

# Print the message of the day upon successful login.
session    optional     pam_motd.so # [1]

# Print the status of the user's mailbox upon successful login.
session    optional     pam_mail.so standard noenv # [1]

# Set up user limits from /etc/security/limits.conf.
session    required     pam_limits.so

# Standard Un*x password updating.
@include common-password

if i use the above config file, the ssh server won't let me in. if i omit
the two lines where common-auth and common-account files are included the
server lets me in without entering a password. the interesting thing is if i

test-log:/usr/src/linux-2.6.14# pam_tally
User jhl        (1003)  has 11

i get the right count for invalid logins.

can anyone help me?? i already tried a lot but i can't get it right. i would
be grateful for every hint!!

best regards,
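
Added example (not part of the original message): a small Python check that reads the pam_tally lines of a PAM service file and the output of the `pam_tally` command, then lists users whose recorded failures exceed the configured deny= value, which is the documented condition for pam_tally to deny access. The sample input is constructed from the lines quoted in the post; the function names are hypothetical and only simple control flags (required, optional, ...) are handled.

```python
import re

# Constructed sample: the pam_tally lines and the report line quoted in the post.
SSHD_PAM = """\
@include common-auth
auth required pam_tally.so onerr=fail no_magic_root
@include common-account
account required pam_tally.so onerr=fail deny=3 reset unlock_time=120
"""
TALLY_REPORT = "User jhl        (1003)  has 11\n"

def tally_rules(pam_text):
    """Return one dict per pam_tally line: PAM type, control flag, options."""
    rules = []
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 3 or not fields[2].endswith("pam_tally.so"):
            continue
        opts = {}
        for arg in fields[3:]:
            key, _, value = arg.partition("=")
            opts[key] = value or True           # bare flags become True
        rules.append({"type": fields[0], "control": fields[1], "opts": opts})
    return rules

def tally_counts(report):
    """Parse report lines of the form 'User NAME (UID) has N'."""
    pat = re.compile(r"^User\s+(\S+)\s+\((\d+)\)\s+has\s+(\d+)\s*$", re.M)
    return {m.group(1): int(m.group(3)) for m in pat.finditer(report)}

def over_limit(pam_text, report):
    """Users whose failure count exceeds the lowest deny= in the stack."""
    denies = [int(r["opts"]["deny"]) for r in tally_rules(pam_text)
              if "deny" in r["opts"]]
    if not denies:
        return {}
    limit = min(denies)
    return {u: n for u, n in tally_counts(report).items() if n > limit}

if __name__ == "__main__":
    for rule in tally_rules(SSHD_PAM):
        print(rule["type"], rule["control"], sorted(rule["opts"]))
    print("over deny limit:", over_limit(SSHD_PAM, TALLY_REPORT))
```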

