From: Marcus Meissner <meissner@suse.de>
Date: Mon, 21 May 2007 13:56:06 +0200
Message-ID: <20070521115606.GA27932@suse.de>
Subject: Re: [suse-sles-e] fun with pam_tally on SLES10 x86-64 SP1rc2
On Fri, May 18, 2007 at 04:15:11PM -0600, Michael Folsom wrote:
> Folks:
>
> Trying to get pam_tally working on a SLES10 x86-64 SP1 rc2 box.
>
> I need to set it up so that blacklisting occurs - ultimately, if
> someone tries to login and fails 5 times in a row, either at the
> console or via ssh, I want the account to be locked. It doesn't have
> to be automagically unlocked - it just needs to lock the account.
>
> After a good bit of reading and exploring in pam land I edited
> /etc/pam.d/sshd & /etc/pam.d/login to each include 2 pam_tally.so
> lines (see files below).
>
> The problem is that using faillog I can see that while
> /var/log/messages records up to a dozen sequential fail login attempts
> the counter on faillog never increments:
>
> sperg:/home/mwfolsom # faillog
> Login Failures Maximum Latest On
> mwfolsom 0 3 05/18/07 15:47:26 -0600 ariel.mwfol
>
> Please note:
> - deny=3 is set at 3 for testing purposes
>
> - the moment I login with the correct password faillog returns nothing
> so somehow the fact that a failed login attempt has occurred is
> recorded - the counter just doesn't seem to ever increment.
>
> - /var/log/faillog exists
>
> - maximum attempts were set with "faillog -m 3"
>
> Any ideas will be appreciated!
>
>
>
> Michael
>
> ........./etc/pam.d/sshd..............................
> #%PAM-1.0
> #
> auth include common-auth
> auth required pam_nologin.so
> #
> auth required pam_tally.so onerr=fail deny=3 per_user magic_root no_reset
The pam_tally line needs to be before include common-auth, I think.
I tested with ssh and it works for me with "onerr=fail deny=3" options.
Please check /var/log/messages for PAM syslog entries.
Ciao, Marcus
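
A small check for the ordering suggested in the reply above, added here as an example and not code from either poster or from the PAM project: it parses a pam.d service file and reports whether the pam_tally.so auth line comes before `auth include common-auth`, along with the configured deny= value. The function names and the embedded sample (constructed from the quoted /etc/pam.d/sshd lines) are assumptions of this example.

```python
# Constructed sample: the /etc/pam.d/sshd lines as quoted in the thread.
SAMPLE_SSHD = """\
#%PAM-1.0
#
auth include common-auth
auth required pam_nologin.so
#
auth required pam_tally.so onerr=fail deny=3 per_user magic_root no_reset
"""

def parse_pam(text):
    """Yield (type, control, module, args) for each rule in a pam.d service file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and the #%PAM header
        fields = line.split()
        if len(fields) < 3:
            continue
        rtype, rest = fields[0].lstrip("-").lower(), fields[1:]
        if rest[0].startswith("["):
            # A bracketed control such as [success=1 default=ignore] contains spaces.
            end = next((i for i, f in enumerate(rest) if f.endswith("]")), 0)
            control, rest = " ".join(rest[:end + 1]), rest[end + 1:]
        else:
            control, rest = rest[0], rest[1:]
        if rest:
            yield rtype, control, rest[0], rest[1:]

def check_tally_order(text, stack="common-auth"):
    """Report where pam_tally.so sits in the auth stack relative to the include."""
    auth = [r for r in parse_pam(text) if r[0] == "auth"]
    tally = [i for i, r in enumerate(auth) if r[2].endswith("pam_tally.so")]
    incl = [i for i, r in enumerate(auth) if r[1] == "include" and r[2] == stack]
    deny = None
    if tally:
        for arg in auth[tally[0]][3]:
            if arg.startswith("deny="):
                deny = int(arg.split("=", 1)[1])
    return {
        "tally_present": bool(tally),
        "before_include": bool(tally and incl and tally[0] < incl[0]),
        "deny": deny,
    }

if __name__ == "__main__":
    # The quoted file has pam_tally.so after the include, so before_include is False.
    print(check_tally_order(SAMPLE_SSHD))
```

To audit a live system, pass the contents of /etc/pam.d/sshd or /etc/pam.d/login to `check_tally_order` instead of the sample.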