Subject: Re: cistron and RedHat's pam - limiting login attempts
From: Steve Langasek (vorlonnetexpress.net)
Date: Mon Dec 18 2000 - 09:50:09 CST


Hi Steve,

> I am using Cistron's radiusd on a RedHat 6.1 server.. I can't get pam_tally
> to work

> I have in /etc/pam.d/radius:

> auth required /lib/security/pam_tally.so
> auth required /lib/security/pam_pwdb.so shadow nullok
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_pwdb.so
> account required /lib/security/pam_tally.so deny=3
> password required /lib/security/pam_cracklib.so
> password required /lib/security/pam_pwdb.so shadow use_authtok nullok md5
> session required /lib/security/pam_pwdb.so

> any ideas? All I wish to do is limit the number of login attempts.. any help
> you could provide would sure be appreciated..

I can't find any documentation for pam_tally on my system even though it's
included in the RedHat RPMs, and the module itself isn't part of the Linux-PAM
tree, so I'm working with very little information here; but unless I'm
mistaken, pam_tally is only effective when multiple authentication attempts
are made within the same PAM context. Because each incoming radius
authentication request is independent of every other packet, there's no way to
group any of those packets into a single context, so IIUC pam_tally is not
useful here.

Steve Langasek
postmodern programmer

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list