This has annoyed me so much in the last time that I had a look at how to fix it.

See a patch for version 4.0.18.2 attached.
--- login.c.orig        2008-09-17 11:45:17.000000000 +0200
+++ login.c     2008-09-17 11:47:42.000000000 +0200
@@ -638,6 +638,7 @@
                          failed = 0;
 
                          failcount++;
+
                          if (delay > 0)
                            retcode = pam_fail_delay(pamh, 1000000*delay);
 
@@ -662,12 +663,12 @@
                            failent_user = "UNKNOWN";
                          }
 
-                         if (retcode == PAM_MAXTRIES || failcount >= retries) {
+                         if (retcode == PAM_MAXTRIES) {
                            SYSLOG ((LOG_NOTICE,
-                                   "TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
+                                   "TOO MANY LOGIN TRIES (%d, according to 
PAM)%s FOR `%s'",
                                    failcount, fromhost, failent_user));
                            fprintf(stderr,
-                                   _("Maximum number of tries exceeded 
(%d)\n"),
+                                   _("Maximum number of tries exceeded (%d, 
according to PAM)\n"),
                                    failcount);
                            PAM_END;
                            exit(0);
@@ -715,6 +716,17 @@
 
                          fprintf(stderr,"\nLogin incorrect\n");
 
+                         if (failcount >= retries) {
+                           SYSLOG ((LOG_NOTICE,
+                                   "TOO MANY LOGIN TRIES (%d)%s FOR '%s'",
+                                   failcount, fromhost, failent_user));
+                           fprintf(stderr,
+                                   _("Maximum number of tries exceeded 
(%d)\n"),
+                                   failcount);
+                           PAM_END;
+                           exit(0);
+                         }
+
                          /* Let's give it another go around */
                          pam_set_item(pamh,PAM_USER,NULL);
                        }

Reply via email to