From: Michael Folsom (mwfolsom_at_gmail.com)
Date: Sat May 19 2007 - 00:15:11 CEST
Message-ID: <ea5f6c090705181515n23c15ac4qaa0afb520072c4ec@mail.gmail.com>
Date: Fri, 18 May 2007 16:15:11 -0600
From: "Michael Folsom" <mwfolsom@gmail.com>
Subject: [suse-sles-e] fun with pam_tally on SLES10 x86-64 SP1rc2
Folks:
Trying to get pam_tally working on a SLES10 x86-64 SP1 rc2 box.
I need to set it up so that blacklisting occurs - ultimately, if
someone tries to login and fails 5 times in a row, either at the
console or via ssh, I want the account to be locked. It doesn't have
to be automagically unlocked - it just needs to lock the account.
After a good bit of reading and exploring in pam land I edited
/etc/pam.d/sshd & /etc/pam.d/login to each include 2 pam_tally.so
lines (see files below).
The problem is that using faillog I can see that while
/var/log/messages records up to a dozen sequential failed login attempts
the counter on faillog never increments:
sperg:/home/mwfolsom # faillog
Login Failures Maximum Latest On
mwfolsom 0 3 05/18/07 15:47:26 -0600 ariel.mwfol
Please note:
- deny=3 is set at 3 for testing purposes
- the moment I login with the correct password faillog returns nothing
so somehow the fact that a failed login attempt has occurred is
recorded - the counter just doesn't seem to ever increment.
- /var/log/faillog exists
- maximum attempts were set with "faillog -m 3"
Any ideas will be appreciated!
Michael
........./etc/pam.d/sshd..............................
#%PAM-1.0
#
auth include common-auth
auth required pam_nologin.so
#
auth required pam_tally.so onerr=fail deny=3 per_user magic_root no_reset
#
account include common-account
#
account required pam_tally.so magic_root no_reset
#
password include common-password
session include common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session optional pam_resmgr.so fake_ttyname
----------/etc/pam.d/login----------------------
#%PAM-1.0
#
auth required pam_securetty.so
#
auth required pam_tally.so onerr=fail deny=3 per_user magic_root no_reset
#
auth include common-auth
auth required pam_nologin.so
account include common-account
#
account required pam_tally.so magic_root no_reset
#
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard
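Added example, not part of the original post: a small Python parser that lists where each pam_tally.so rule sits in a service's auth and account stacks, which modules run before it, and which options it carries, so the sshd and login files can be compared side by side. It also flags any line that is not a valid rule, such as module options left on a line of their own. The sample stacks are constructed from the listings in the post, and the function names are hypothetical.

```python
import re
# Constructed sample input: the auth/account rules from the two posted listings.
SSHD = """\
auth    include  common-auth
auth    required pam_nologin.so
auth    required pam_tally.so onerr=fail deny=3 per_user magic_root no_reset
account include  common-account
account required pam_tally.so magic_root no_reset
"""
LOGIN = """\
auth    required pam_securetty.so
auth    required pam_tally.so onerr=fail deny=3 per_user magic_root no_reset
auth    include  common-auth
auth    required pam_nologin.so
account include  common-account
account required pam_tally.so magic_root no_reset
"""
GROUPS = {"auth", "account", "password", "session"}
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Return (rules, malformed) for one /etc/pam.d service file."""
    rules, malformed = [], []
    # A trailing backslash continues a rule on the next physical line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if m and m.group(1) in GROUPS:
            rules.append((m.group(1), m.group(2), m.group(3), m.group(4).split()))
        elif line:
            malformed.append(line)  # e.g. options stranded on their own line
    return rules, malformed

def tally_report(text):
    """List each pam_tally.so rule with the modules that run before it."""
    rules, malformed = parse_stack(text)
    report = []
    for group in ("auth", "account"):
        stack = [r for r in rules if r[0] == group]
        for pos, (_, control, module, args) in enumerate(stack):
            if module == "pam_tally.so":
                report.append({"group": group, "control": control,
                               "before": [r[2] for r in stack[:pos]],
                               "options": dict(a.partition("=")[::2] for a in args)})
    return report, malformed

if __name__ == "__main__":
    for name, text in (("sshd", SSHD), ("login", LOGIN)):
        print(name, *tally_report(text), sep="\n  ")
```

Pointing `parse_stack` at the real files on the box (read with `open(...).read()`) shows whether the on-disk rules match what was intended.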