[pam_tally problem]
hi everyone,
i want to configure pam_tally in order to lock out users who entered invalid
login credentials for a specific number of attempts. but somehow it doesn't
work. please find my config file for ssh below:
# PAM configuration for the Secure Shell service
# Disallow non-root logins when /etc/nologin exists.
auth required pam_nologin.so
# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# Standard Un*x authentication.
@include common-auth
auth required pam_tally.so onerr=fail no_magic_root
# Standard Un*x authorization.
@include common-account
account required pam_tally.so onerr=fail deny=3 reset unlock_time=120 no_magic_root
# Standard Un*x session setup and teardown.
@include common-session
# Print the message of the day upon successful login.
session optional pam_motd.so # [1]
# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]
# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
# Standard Un*x password updating.
@include common-password
if i use the above config file, the ssh server won't let me in. if i omit
the two lines where common-auth and common-account files are included the
server lets me in without entering a password. the interesting thing is if i
run:
test-log:/usr/src/linux-2.6.14# pam_tally
User jhl (1003) has 11
i get the right count for invalid logins.
can anyone help me?? i already tried a lot but i can't get it right. i would
be grateful for every hint!!
best regards,
juergen