Results 1 to 8 of 8

Thread: pam_tally and the faillog

  1. #1

    Post pam_tally and the faillog

    Hello dear Suse-community.

    Currently I am supposed to create a basic-configuration for a SLES11 system. I Originally used OpenSuse 11.3 for testing, but I had to start to configure the actual system as well. So I downloaded SLES11 as test-version and started to configure both systems.

    The Problem right now is following: I am completely unable to setup pam to lock a useraccount after 5 failed logins. I've already searched the "whole" web for the last 4 days, but without success.

    If I put the example of the pam_tally manpage into /etc/pam.d/login and set it up via faillog -u user -m 5, then it won't do anything.
    If I just put auth required pam_tally2.so deny=5 into /etc/pam.d/common-auth, then it will lock the account, but it neither will let me unlock it nor show me something with faillog -a.

    The last thing I tried is inserting auth required pam_tally2.so deny=5 onerr=fail per_user no_lock_time and account required pam_tally2.so in /etc/pam.d/login
    Again nothing.

    I've most certainly tried many other ways which I already forgot about.

    I really hope, that all the Problem is just a little error I just don't see.

    reg

    Victor
    System:
    OS: OpenSuse 11 / Windows XP
    PC: Dell Inspirion 9400 Notebook
    GPU: Nvidia Geforce Go 7800
    CPU: Intel Centrino Duo 2* 1833 MHz

  2. #2
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: pam_tally and the faillog

    On 03/22/2011 03:06 PM, Victor Van Doom wrote:
    >
    > Currently I am supposed to create a basic-configuration for a SLES11
    > system. I Originally used OpenSuse 11.3 for testing, but I had to start
    > to configure the actual system as well. So I downloaded SLES11 as
    > test-version and started to configure both systems.


    you are welcome to seek advice here, but BE ADVISED that many of the
    answers might be from folks who have never run SLES (or maybe never
    even heard of it before) and you are likely much better off if you
    seek assistance from the Novell forums, via: http://forums.novell.com

    and, though the two products are related, they are NOT the same...most
    folks here are using openSUSE 11.3 or 11.4, and SLES11 is based on the
    openSUSE 11.0 version and then updated....so, there are many
    differences....and, many similarities but you can't (for example) set
    up 11.3 exactly like you want it and then expect to be able to follow
    the same steps to have SLES11 as you wish..

    in my opinion: best to ask here about openSUSE and forums.novell.com
    about SLES..

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD
    [NNTP posted w/openSUSE 11.3, KDE4.5.5, Thunderbird3.1.8, nVidia
    173.14.28 3D, Athlon 64 3000+]
    "It is far easier to read, understand and follow the instructions than
    to undo the problems caused by not." DD 23 Jan 11

  3. #3

    Default Re: pam_tally and the faillog

    @DenverD
    Thank you for this advice, I will keep this in mind for the next time :-). In that case it doesn't really make a difference, cause the config can be applied to both (except a little difference in the syslog-daemon, which is syslog-ng there). Frankly I believe, that if I can manage to get the pam running in OS11.3 then I might figure out the problem in SLES11.
    System:
    OS: OpenSuse 11 / Windows XP
    PC: Dell Inspirion 9400 Notebook
    GPU: Nvidia Geforce Go 7800
    CPU: Intel Centrino Duo 2* 1833 MHz

  4. #4
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: pam_tally and the faillog

    On 03/23/2011 09:06 AM, Victor Van Doom wrote:
    >
    > I believe, that if I can manage to get the pam running in OS11.3
    > then I might figure out the problem in SLES11.



    i'm afraid i'm not much help, but _maybe_ there is something in one of
    these that will get you going in the right direction (while waiting a
    real pam guru to happen by):

    "Authentication with PAM"
    http://doc.opensuse.org/products/ope...y/cha.pam.html
    (note: i've not looked at the man, and don't know if this is more or
    less useful...i just guess it _might_ be...for example, it seems you
    are doing all the setups directly/manually and i didn't see you write
    anything about trying the pam-config tool and it didn't work for you)

    other documentation in /usr/share/doc/packages/pam

    and, other potential ideas here:
    http://tinyurl.com/47kenqu
    http://www.google.com/search?q=site%....org+pam+setup

    hopefully the real guru comes soon, or the solution appears in reading
    (a possibility i can not promise will happen)

    oh, and don't forget: i would _guess_ a real guru is in the SLES
    forum, and willing to help during your trial period..

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD
    [NNTP posted w/openSUSE 11.3, KDE4.5.5, Thunderbird3.1.8, nVidia
    173.14.28 3D, Athlon 64 3000+]
    "It is far easier to read, understand and follow the instructions than
    to undo the problems caused by not." DD 23 Jan 11

  5. #5

    Default Re: pam_tally and the faillog

    I've got the idea to use pam-config aswell, but unfortunately it does not support the pam_tally.so or pam_tally2.so module :-(
    System:
    OS: OpenSuse 11 / Windows XP
    PC: Dell Inspirion 9400 Notebook
    GPU: Nvidia Geforce Go 7800
    CPU: Intel Centrino Duo 2* 1833 MHz

  6. #6

    Default Re: pam_tally and the faillog

    Little addition: I've now tried an other approach to track down the problem in OS11.3 and SLES11 alike. I inserted following lines into /etc/pam.d/login:

    auth required pam_tally2.so onerr=fail no_magic_root
    account required pam_tally2.so per_user deny=3 no_magic_root reset

    After that, I activated the pam debug-tool. Or at least I tried. pam-config --add --login-debug should activate debugging, but it doesn't seem to know the command (in reference to the opensuse doc link above). Then I added pam_debug via touch to /etc. But it "ain't logging nothing". :-(
    System:
    OS: OpenSuse 11 / Windows XP
    PC: Dell Inspirion 9400 Notebook
    GPU: Nvidia Geforce Go 7800
    CPU: Intel Centrino Duo 2* 1833 MHz

  7. #7
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: pam_tally and the faillog

    On 03/23/2011 03:06 PM, Victor Van Doom wrote:
    > but it doesn't
    > seem to know the command (in reference to the opensuse doc link above).


    hmmmmm...maybe the doc i grabbed in haste is built for 11.4, i do not
    know for sure..

    or, perhaps you path is messed up, or your system is missing
    pam-config (it is available via YaST), or maybe you were not root in
    your terminal prior to calling pam-config....my 11.3 knows the command
    when root calls it so i can't imagine why your's can't..

    see if you can track that down..

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD
    [NNTP posted w/openSUSE 11.3, KDE4.5.5, Thunderbird3.1.8, nVidia
    173.14.28 3D, Athlon 64 3000+]
    "It is far easier to read, understand and follow the instructions than
    to undo the problems caused by not." DD 23 Jan 11

  8. #8

    Default Re: pam_tally and the faillog

    Ok, at least I've solved the problem with pam-config. It really was a a messed up link .

    pam-config is working now, but still no modul for pam_tally or debug.
    System:
    OS: OpenSuse 11 / Windows XP
    PC: Dell Inspirion 9400 Notebook
    GPU: Nvidia Geforce Go 7800
    CPU: Intel Centrino Duo 2* 1833 MHz

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •