[opensuse] Adventures with pam_tally
Folks: For some reason pam_tally is turning into more of a bear that I thought - One SLES10 I added the following two lines to the beginning of /etc/pam.d/sshd: auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root unlock_time=90 reset all else remained the same.............(file at bottom of post) Anyway when I test it out with faillog it records the attempts but doesn't block after 3 tries. You can try a dozen time but when you put in the right password it still logs you in! All I want it to do is lock the account after 3 attempts and I can't figure out how - Know this list is about OpenSuse but I need help - it will be appreciated! Michael ------/etc/pam.d/sshd----------------------------------------------------------- #%PAM-1.0 auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root reset # auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session # Enable the following line to get resmgr support for # ssh sessions (see /usr/share/doc/packages/resmgr/README) #session optional pam_resmgr.so fake_ttyname -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Folks: Sorry should of looked at logs before posting - while my new confguration clears up some error messages it still doesn't work! Turns out "reset", "no_magic_root" are no longer used and deny should be with auth not account! M- .........................../etc/pam.d/login................. sperg:/etc/pam.d # more login #%PAM-1.0 # auth required pam_tally.so onerr=fail deny=3 per_user magic_root account required pam_tally.so magic_root # auth required pam_securetty.so auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session session required pam_lastlog.so nowtmp session required pam_resmgr.so session optional pam_mail.so standard ---------------------------------------------------/etc/pam.d/sshd-------------------------------- #%PAM-1.0 auth required pam_tally.so onerr=fail deny=3 per_user magic_root account required pam_tally.so magic_root # auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session On 5/16/07, Michael Folsom <mwfolsom@gmail.com> wrote:
Folks:
For some reason pam_tally is turning into more of a bear that I thought -
One SLES10 I added the following two lines to the beginning of /etc/pam.d/sshd:
auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root unlock_time=90 reset
all else remained the same.............(file at bottom of post)
Anyway when I test it out with faillog it records the attempts but doesn't block after 3 tries. You can try a dozen time but when you put in the right password it still logs you in! All I want it to do is lock the account after 3 attempts and I can't figure out how -
Know this list is about OpenSuse but I need help - it will be appreciated!
Michael
------/etc/pam.d/sshd-----------------------------------------------------------
#%PAM-1.0 auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root reset # auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session # Enable the following line to get resmgr support for # ssh sessions (see /usr/share/doc/packages/resmgr/README) #session optional pam_resmgr.so fake_ttyname
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (1)
-
Michael Folsom