pam_tally & SSH not working properly at all -- FC5T3 w/ pam 0.99

Stewart Adam compustew at hotmail.com
Sun Mar 5 16:30:57 UTC 2006 

/etc/pam.d/systam-auth file:
-- start --
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so retry=3
password    sufficient    pam_unix.so md5 nullok try_first_pass use_authtok
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so
-- end --
Do I have to change them to "Required"? Or would I be able to make it so 
that I tell my system to use pam_tally for everything, but it will only 
block SSH?
Thanks,
Firewing1

>From: Darren Tucker <dtucker at zip.com.au>
>Reply-To: Pluggable Authentication Modules <pam-list at redhat.com>
>To: Pluggable Authentication Modules <pam-list at redhat.com>
>Subject: Re: pam_tally & SSH not working properly at all -- FC5T3 w/ pam 
>0.99
>Date: Sun, 05 Mar 2006 17:51:48 +1100
>
>Stewart Adam wrote:
> > Hello,
> > I'm completely confused, maybe it's a bug.
> > http://www.fedoraforum.org/forum/showthread.php?t=97416
> > I've started a thread there on FedoraForum with more info, but basically
> > this is my situation:
> > - /etc/pam.d/sshd file:
> > -- start --
> > #%PAM-1.0
> > auth       include      system-auth
> > auth       required     pam_tally.so onerr=fail deny=3
>
>Does /etc/pam.d/system-auth have any "sufficient" modules?  If so, the
>authentication succeeds at that point and never gets as far as pam_tally
>when your password is right.
>
>Also, if you're used to pam_stack, be aware that in and the "include"
>directive have subtly different semantics.
>
>--
>Darren Tucker (dtucker at zip.com.au)
>GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
>usually comes from bad judgement.
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com
>https://www.redhat.com/mailman/listinfo/pam-list

More information about the Pam-list mailing list