Register "telnet" login failures with pam_tally

Billy Snider bbsnider at link.com
Sat Nov 13 19:23:19 UTC 2004


> On Fri, Nov 12, 2004 at 01:52:15PM +0000, Billy Snider wrote:
>> Has anyone had problems getting login failures to register with Fedora
>> Core 3?  I am trying to "telnet" into the system and get a failure to
>> register.
>>
>> Here is my "login" file:
>>
>> #%PAM-1.0
>> auth       required     pam_securetty.so
>> auth       required     pam_stack.so service=system-auth
>> auth       required     /lib/security/pam_tally.so deny=5 onerr=fail no_magic_root
>> auth       required     pam_nologin.so
>> account    required     pam_stack.so service=system-auth
>> password   required     pam_stack.so service=system-auth
> [snip]
>
>> Failures do register in the "/var/log/messages" but not
>> "/var/log/faillog".
>>
>> It acts as if "telnet" doesn't even use the "login" configuration file
>> within "/etc/pam.d".
>>
>> From a previous posting "ssh" logins register failures just fine with
>> the following in the "sshd" file:
>>
>> auth       required     pam_stack.so service=system-auth
>> auth       required     pam_nologin.so
>> auth       required     pam_tally.so no_magic_root
>> account    required     pam_tally.so deny=3 no_magic_root per_user
>> account    required     pam_stack.so service=system-auth
> [snip]
>
> In the configuration file for "login", you're passing the "deny=" flag
> to pam_tally when used as an "auth" module, while in "sshd", the "deny="
> flag is being correctly passed to pam_tally being used as an "account"
> module.  You also don't seem to be calling pam_tally as an "account"
> module in the "login" configuration file.
>
> HTH,
>
> Nalin



Thank you for your response. I made a mistake and posted an "in-work"
login file; here is the one I am currently using that has the problem:

#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_tally.so onerr=fail no_magic_root per_user
auth       required     pam_nologin.so
account    required     pam_tally.so deny=3 no_magic_root per_user
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open


>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
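
The two points raised in the quoted reply (no "deny=" on a pam_tally "auth" line, and pam_tally also called as an "account" module) can be checked mechanically. The Python below is an added example, not part of the original posts; the names parse_pam and check_tally are hypothetical, and the two sample inputs are the auth/account rules of the "login" files posted in this thread.

```python
import os
import re

# A rule is: type, control (a word or a [bracketed] set), module, optional args.
RULE = re.compile(r"^\s*-?(\w+)\s+(?:\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (type, module_basename, args) for each rule in a pam.d service file."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.split("#", 1)[0].rstrip()  # '#' starts a comment
        pending = ""
        if line.endswith("\\"):                         # rule continues on next line
            pending = line[:-1] + " "
            continue
        m = RULE.match(line)
        if m:
            rules.append((m.group(1), os.path.basename(m.group(2)), m.group(3).split()))
    return rules

def check_tally(text):
    """Return findings for the two points raised in the quoted reply."""
    tally = [(t, args) for t, mod, args in parse_pam(text) if mod == "pam_tally.so"]
    findings = []
    if any(t == "auth" and a.startswith("deny=") for t, args in tally for a in args):
        findings.append("deny= passed to pam_tally on an auth line")
    if tally and not any(t == "account" for t, _ in tally):
        findings.append("pam_tally is not called as an account module")
    return findings

# auth/account rules of the "in-work" login file from the thread (wrapped line rejoined)
IN_WORK_LOGIN = """\
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     /lib/security/pam_tally.so deny=5 onerr=fail no_magic_root
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
"""
# auth/account rules of the login file currently in use, from the thread
CURRENT_LOGIN = """\
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_tally.so onerr=fail no_magic_root per_user
auth       required     pam_nologin.so
account    required     pam_tally.so deny=3 no_magic_root per_user
account    required     pam_stack.so service=system-auth
"""
if __name__ == "__main__":
    print(check_tally(IN_WORK_LOGIN), check_tally(CURRENT_LOGIN))
```

The file currently in use produces no findings, so both points from the reply are already addressed in it.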



