
Problems using pam_tally in RH9


Dave Humes

Oct 10, 2003, 12:14:56 AM
Hello,

I'm trying to use pam_tally to lock out accounts after excessive failed login attempts and it is not working. If I use faillog or /sbin/pam_tally to display failed login attempts, the tally never increments. With each failed login attempt I get the following error in /var/log/messages.

Oct 9 23:27:34 dellpc pam_tally[3789]: Error opening /var/log/faillog for update

I allowed pam_tally to create /var/log/faillog itself. Here's what it created.

-rw------- 1 root root 0 Oct 10 00:03 /var/log/faillog

Here's my /etc/pam.d/system-auth file after adding pam_tally.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth required /lib/security/$ISA/pam_deny.so

auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account required /lib/security/$ISA/pam_tally.so deny=5 no_magic_root reset

account required /lib/security/$ISA/pam_unix.so

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so


Any suggestions would be appreciated. Red Hat is version 9, kernel
2.4.20-8, pam-0.75-48.

Thanks.

--Dave

Paul Lutus

Oct 10, 2003, 4:26:12 AM
Dave Humes wrote:

> Hello,
>
> I'm trying to use pam_tally to lock out accounts after excessive failed
> login attempts and it is not working. If I use faillog or /sbin/pam_tally
> to display failed login attempts, the tally never increments. With each
> failed login attempt I get the following error in /var/log/messages.
>
> Oct 9 23:27:34 dellpc pam_tally[3789]: Error opening /var/log/faillog for
> update

Make sure the user who owns the process has read and write permission for
the target directory.

>
> I allowed pam_tally to create /var/log/faillog itself. Here's what it
> created.
>
> -rw------- 1 root root 0 Oct 10 00:03 /var/log/faillog

Is pam_tally running as root (as it must be for this file)? Is it suid?

--
Paul Lutus
http://www.arachnoid.com
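
Added example, not part of the thread and not pam_tally's own code: a Python sketch of the ownership and mode check the reply above asks about, deciding whether a process with a given uid could open the 0600 root-owned faillog for update. The names Meta, can_update and check_path are hypothetical, the mode of /var/log is assumed, and uid 500 is a constructed non-root user.

```python
import os
from collections import namedtuple

# Constructed stand-in for the os.stat() fields used below, so the check runs offline.
Meta = namedtuple("Meta", "st_uid st_gid st_mode")

def _allowed(meta, uid, gids, want):
    """Classic Unix mode check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True  # root bypasses read/write and directory-search mode bits
    if uid == meta.st_uid:
        bits = (meta.st_mode >> 6) & 7
    elif meta.st_gid in gids:
        bits = (meta.st_mode >> 3) & 7
    else:
        bits = meta.st_mode & 7
    return (bits & want) == want

def can_update(file_meta, dir_meta, uid, gids=()):
    """Return (ok, reason) for opening an existing file read+write.

    Assumption: "for update" in the logged error means a read+write open.
    ACLs and SELinux are not modelled, only owner/group/mode.
    """
    if not _allowed(dir_meta, uid, gids, 1):
        return False, "no search (x) permission on the directory"
    if not _allowed(file_meta, uid, gids, 6):
        return False, "no read+write permission on the file"
    return True, "ok"

def check_path(path):
    """Live check of a real path for the calling process's effective identity."""
    gids = set(os.getgroups()) | {os.getegid()}
    parent = os.path.dirname(path) or "."
    return can_update(os.stat(path), os.stat(parent), os.geteuid(), gids)

# The listing from the post: -rw------- root root /var/log/faillog
FAILLOG = Meta(st_uid=0, st_gid=0, st_mode=0o100600)
# Assumed mode for /var/log (drwxr-xr-x root root); not shown in the thread.
VAR_LOG = Meta(st_uid=0, st_gid=0, st_mode=0o040755)

if __name__ == "__main__":
    for uid in (0, 500):  # 500 is a constructed non-root uid
        print(uid, can_update(FAILLOG, VAR_LOG, uid, {uid}))
```

Running check_path("/var/log/faillog") as the account that owns the authenticating process applies the same check to the live file.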
