Pam modifications

Brian Fahrlander brian at
Mon Nov 27 09:49:29 UTC 2006

Hash: SHA1

Scott J. Henson wrote:
> Brian Fahrlander wrote:

    First: I'm sorry for the delay.  Thanksgiving + two jobs +
need-for-sleep kinda takes up most of my time, these days, but I think
I'm back on-task; sorry.

> I'm just looking for a starting place.  Id like to know if
> your using pam_unix to do the actual authentication or if
> your using some other form of authentication.

    Right now I have the basic, default, Dapper setup.  I've removed any
mention of LDAP that might complicate things. Would you like to see the
files? (I saved the originals to 'roll back' to the original

> I have battled many times with pam.  Its not the greatest
> thing in the world, but its also not the worst.  I just took
> a few minutes and I believe I got it working.  Unfortunately
> I only have ldap accounts on the machine I'm working on and
> thus the account can't be locked.  But, it does seem to be
> recording that the attempts have been made and that it does
> want to lock the account.

    Uhm....if your /var/log/faillog was moved to an NFS share....would
that work?  I've considered moving mine, but I have to get it to work
'barefoot', first...

> But the magic is:
> auth    required    deny=3,lock_time=30
> It should go into /etc/pam.d/common-auth and be placed ahead
> of pam_unix.
> If the above doesn't work I'm going to need a more involved
> explanation of your authentication scheme.

    Ah: something to try!  Very cool; I appreciate the help- I'll get a
wiki page started on this, as soon as I know  more about it.  Right now
I'm like ancient man, asking a neighbor for a start of his 'fire' since
I can't get mine working.


- --
 Brian Fahrländer                 Christian, Conservative, and Technomad
 Evansville, IN                    
 ICQ: 5119262                         AOL/Yahoo/GoogleTalk: WheelDweller
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the ubuntu-users mailing list