pam tally and faillog questions
Dan White
ygor at comcast.net
Tue Dec 7 19:27:44 UTC 2010
----- Thorsten Kukuk <kukuk at suse.de> wrote:
> On Tue, Dec 07, Dan White wrote:
>
> > REFERENCE: <http://www.redhat.com/archives/fedora-list/2004-April/msg02907.html>
> >
> > I am still seeing this misbehavior in RHEL 5
>
> Which of the three mentioned in that thread?
All three, to be honest.
> > I found a Bugzilla reference <https://bugzilla.redhat.com/show_bug.cgi?id=166682>
> > but could not determine if it had actually been fixed.
>
> And that's yet another completly unrelated issue.
I do not believe that is correct. The "how to reproduce" instructions describe the exact problem I am having: an unlockable screensaver.
> Maybe you should start with telling us, what's your problem is?
The immediate problem is that screensaver cannot write to faillog and thus makes it impossible to unlock the screen.
However, I do want to be able to lock an account after N failed login attempts and unlock a locked account after XX minutes.
The initial problem is, I think, screensaver's inability to access faillog, mainly because I am seeing this in /var/log/secure:
<time> localhost gnome-screensaver-dialog: pam_tally (gnome-screensaver: auth): Error opening /var/log/faillog for (read|update)
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
More information about the Pam-list
mailing list