i want to configure pam_tally in order to lock out users who entered invalid
login credentials for a specific number of attempts. but somehow it doesn't
work. subsequent please find my config file for ssh:
# PAM configuration for the Secure Shell service
# Disallow non-root logins when /etc/nologin exists.
auth required pam_nologin.so
# Read environment variables from /etc/environment and
auth required pam_env.so # 
# Standard Un*x authentication.
auth required pam_tally.so onerr=fail no_magic_root
# Standard Un*x authorization.
account required pam_tally.so onerr=fail deny=3 reset unlock_time=120
# Standard Un*x session setup and teardown.
# Print the message of the day upon successful login.
session optional pam_motd.so # 
# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # 
# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
# Standard Un*x password updating.
if i use the above config file, the ssh server won't let me in. if i omit
the two lines where common-auth and common-account files are included the
server lets me in without entering a password. the interesting thing is if i
User jhl (1003) has 11
i get the right count for invalid logins.
can anyone help me?? i already tried a lot but i can't get it right. i would
be grateful for every hint!!