Hi everyone, I want to configure pam_tally in order to lock out users who entered invalid login credentials for a specific number of attempts, but somehow it doesn't work. Below please find my config file for ssh:

    # PAM configuration for the Secure Shell service

    # Disallow non-root logins when /etc/nologin exists.
    auth required pam_nologin.so

    # Read environment variables from /etc/environment and
    # /etc/security/pam_env.conf.
    auth required pam_env.so # [1]

    # Standard Un*x authentication.
    @include common-auth
    auth required pam_tally.so onerr=fail no_magic_root

    # Standard Un*x authorization.
    @include common-account
    account required pam_tally.so onerr=fail deny=3 reset unlock_time=120 no_magic_root

    # Standard Un*x session setup and teardown.
    @include common-session

    # Print the message of the day upon successful login.
    session optional pam_motd.so # [1]

    # Print the status of the user's mailbox upon successful login.
    session optional pam_mail.so standard noenv # [1]

    # Set up user limits from /etc/security/limits.conf.
    session required pam_limits.so

    # Standard Un*x password updating.
    @include common-password

If I use the above config file, the ssh server won't let me in. If I omit the two lines where the common-auth and common-account files are included, the server lets me in without entering a password. The interesting thing is that if I run:

    test-log:/usr/src/linux-2.6.14# pam_tally
    User jhl (1003) has 11

I get the right count for invalid logins. Can anyone help me? I already tried a lot but I can't get it right. I would be grateful for every hint!

Best regards,
Juergen