Pam modifications

Scott J. Henson shenson at mix.wvu.edu
Mon Nov 20 19:49:04 UTC 2006


Brian Fahrlander wrote:
> Scott J. Henson wrote:
> 
>>> Some additional information maybe?  Like your common-auth
>>> file (if thats where your making your modification and it
>>> should be).  Also a description of your authentication
>>> stack.  Are you using the unix passwd file (aka pam_unix) or
>>> some other auth method?  What errors are you getting to your
>>> auth.log file?  Is your /var/log/faillog file growing?  Be
>>> verbose, the more complete of a description you give the
>>> easier it will be to fix.
> 
>     Well, see, what I've had....20-30 variations on the configuration
> that in fact, have all been meaningless.  And I'm working from the docs!
>  The best I can do is to get locked out of the thing and have to reboot
> into recovery mode.

I'm just looking for a starting place.  Id like to know if
your using pam_unix to do the actual authentication or if
your using some other form of authentication.

> 
>     Obviously everything I've been trying has been very wrong- I'm
> looking for the guy that got it working, not just for tactical
> (file-content) but strategic (the overview) of the nature of this beast.
>  Someone, somewhere has a copy of this actually working, and the author
> is either on vacation, or doesn't feel like helping.
> 
>     Can I take from the response you're comfortable making mods to the
> basic install? Ever got pam_tally to work?
> 

I have battled many times with pam.  Its not the greatest
thing in the world, but its also not the worst.  I just took
a few minutes and I believe I got it working.  Unfortunately
I only have ldap accounts on the machine I'm working on and
thus the account can't be locked.  But, it does seem to be
recording that the attempts have been made and that it does
want to lock the account.

But the magic is:
auth    required        pam_tally.so    deny=3,lock_time=30

It should go into /etc/pam.d/common-auth and be placed ahead
of pam_unix.

If the above doesn't work I'm going to need a more involved
explanation of your authentication scheme.

-- 
Scott Henson
LCSEE Systems Staff
WVU MAE Undergraduate
Ubuntu User





More information about the ubuntu-users mailing list