Re: Sarge: Lost # of failed logins
On Thu, Jul 26, 2007 at 20:44:49 -0700, Andrew Sackville-West wrote:
> On Thu, Jul 26, 2007 at 05:52:00PM -0600, Bob Proulx wrote:
> > Florian Kulzer wrote:
> > > I have been using Debian for about 5 years now. As far as I remember, it
> > > always had the "n failure(s) since last login" message (if n was greater
> > > than zero).
> >
> > I have never seen that message.
>
> it works reliably on this particular up-to-date sid box, shows the
> proper number of failures. I think it must come from login, but I
> can't see what might cause to happen or not.
[...]
> I do _not_ get this message over ssh, so it must come from that pair
> -- login or getty...
I think this is controlled in /etc/login.defs:
#
# Enable logging and display of /var/log/faillog login failure info.
# This option conflicts with the pam_tally PAM module.
#
FAILLOG_ENAB yes
I do have the pam_tally.so module in /lib/security/, but it seems that
it is not used in my present (Debian-default) PAM configuration.
Bob Proulx and I are currently doing a brute-force comparison of all our
installed packages and relevant configuration files. We will see if this
turns up additional clues.
--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |
Reply to: