I want to either disable a remote login (ssh, ftp, pop etc.) after x failures completely, to the trying remote client (IP no.) or for x minutes. I searched the web up and down, but can't come up with a simple and concise explanation, how to do this. It seems pam_tally could somehow be used to achieve part of that, but not completely. F.i. it seems once the account is locked it is locked as long as someone unlocks it. Is pam_tally the way to go or are there better ways on a normal Suse 8/9 system? Is there a better explanation/howto than what can be found in the PAM docs, man or http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html (PAM system administrator's guide)? At least for me this documentation is quite scarce and I'm missing some real-word and "how-to" examples for a good start. I also wonder if any of the login.defs definitions is used if PAM gets used? I read somewhere that most of it is handled by PAM now, but some options were still valid, f.i. "fail_delay" (delay for next attempt after a failure), but I can't repro that, so it seems none of it is in use when using PAM? Thanks, Kai