Pam modifications

Brian Fahrlander brian at fahrlander.net
Mon Nov 27 09:49:29 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott J. Henson wrote:
> Brian Fahrlander wrote:

    First: I'm sorry for the delay.  Thanksgiving + two jobs +
need-for-sleep kinda takes up most of my time, these days, but I think
I'm back on-task; sorry.

> I'm just looking for a starting place.  Id like to know if
> your using pam_unix to do the actual authentication or if
> your using some other form of authentication.

    Right now I have the basic, default, Dapper setup.  I've removed any
mention of LDAP that might complicate things. Would you like to see the
files? (I saved the originals to 'roll back' to the original
configuration...


> I have battled many times with pam.  Its not the greatest
> thing in the world, but its also not the worst.  I just took
> a few minutes and I believe I got it working.  Unfortunately
> I only have ldap accounts on the machine I'm working on and
> thus the account can't be locked.  But, it does seem to be
> recording that the attempts have been made and that it does
> want to lock the account.

    Uhm....if your /var/log/faillog was moved to an NFS share....would
that work?  I've considered moving mine, but I have to get it to work
'barefoot', first...

> But the magic is:
> auth    required        pam_tally.so    deny=3,lock_time=30
> 
> It should go into /etc/pam.d/common-auth and be placed ahead
> of pam_unix.
> 
> If the above doesn't work I'm going to need a more involved
> explanation of your authentication scheme.

    Ah: something to try!  Very cool; I appreciate the help- I'll get a
wiki page started on this, as soon as I know  more about it.  Right now
I'm like ancient man, asking a neighbor for a start of his 'fire' since
I can't get mine working.

    :)

- --
 ------------------------------------------------------------------------
 Brian Fahrländer                 Christian, Conservative, and Technomad
 Evansville, IN                              http://Fahrlander.net/brian
 ICQ: 5119262                         AOL/Yahoo/GoogleTalk: WheelDweller
 ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFarSo6PLtRzZbdhYRAok2AJ99LZDd0QS5hUGRQ+fqyuY4XMJ9rwCaA4vr
DTrRYRSvD5HW06cJv4Q/p+s=
=v9aN
-----END PGP SIGNATURE-----

More information about the ubuntu-users mailing list