[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: pam_tally & SSH not working properly at all -- FC5T3 w/ pam 0.99

/etc/pam.d/systam-auth file:
-- start --
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so retry=3
password    sufficient    pam_unix.so md5 nullok try_first_pass use_authtok
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so
-- end --
Do I have to change them to "Required"? Or would I be able to make it so that I tell my system to use pam_tally for everything, but it will only block SSH? 
Thanks,
Firewing1


From: Darren Tucker <dtucker@xxxxxxxxxx>
Reply-To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx>
To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx>
Subject: Re: pam_tally & SSH not working properly at all -- FC5T3 w/ pam 0.99 
Date: Sun, 05 Mar 2006 17:51:48 +1100

Stewart Adam wrote:
> Hello,
> I'm completely confused, maybe it's a bug.
> http://www.fedoraforum.org/forum/showthread.php?t=97416
> I've started a thread there on FedoraForum with more info, but basically
> this is my situation:
> - /etc/pam.d/sshd file:
> -- start --
> #%PAM-1.0
> auth       include      system-auth
> auth       required     pam_tally.so onerr=fail deny=3

Does /etc/pam.d/system-auth have any "sufficient" modules?  If so, the
authentication succeeds at that point and never gets as far as pam_tally
when your password is right.

Also, if you're used to pam_stack, be aware that in and the "include"
directive have subtly different semantics.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list



_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Home]     [Kernel List]     [Red Hat Install]     [Linux for the blind]     [Red Hat Watch List]     [Gimp]     [Kerberos: The Definitive Guide]

Add to Google Powered by Linux