01-10-2011, 02:40 PM
"Johan Booysen"
RHEL6 pam_tally2 lockouts

I'm trying to set up a RHEL6 server for sftp access only. So far it
works very well, but I can't seem to get pam_tally2 set up to lock user
accounts after so many unsuccessful login attempts.

As far as I could find out, it should work if I add the following lines
to /etc/pam.d/system-auth:

Last line in the auth section:

auth required pam_tally2.so deny=3 onerr=fail

Last line in the account section:

account required pam_tally2.so

According to the pam_tally2 man page this should log failed attempts in
/var/log/tallylog, but when I deliberately log in with nonsense
usernames/password, I get absolutely nothing in the tallylog file.
Hence running the pam_tally2 command with no options produces no

/var/log/secure shows me entries such as:

Jan 10 15:16:26 rhel6 sshd[1918]: Failed password for test from 192.x.x.x port 4467 ssh2

Jan 10 15:16:29 rhel6 sshd[1918]: Failed password for test from 192.x.x. port 4467 ssh2

Jan 10 15:16:29 rhel6 sshd[1919]: Disconnecting: Too many authentication failures for test

Jan 10 15:16:29 rhel6 sshd[1918]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mc23.xxxxx.int user=test

In /etc/ssh/sshd_config I've got

UsePAM yes

PasswordAuthentication yes

ChallengeResponseAuthentication no

I might be missing something silly here, so I'd really appreciate any
advice on getting this to work on Red Hat Enterprise Linux 6.
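
The placement described above ("last line in the auth section"), as an added example that is not part of the original post: a small Python model of the classic PAM control flags that reports which modules in an auth stack actually run for a given set of failures. Every stack line except the poster's pam_tally2.so line, the function names and the failure sets are assumptions constructed for illustration.

```python
# Added example: models only the classic PAM control flags (required, requisite,
# sufficient, optional). Bracketed controls and include/substack are not handled.
# Constructed stack: only the pam_tally2.so line is the poster's; the lines above
# it are an assumed layout for illustration.
TALLY_LAST = """\
auth required   pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite  pam_succeed_if.so uid >= 500 quiet
auth required   pam_deny.so
auth required   pam_tally2.so deny=3 onerr=fail
"""

# Same assumed stack with the tally line moved ahead of pam_unix.so.
TALLY_FIRST = """\
auth required   pam_env.so
auth required   pam_tally2.so deny=3 onerr=fail
auth sufficient pam_unix.so nullok try_first_pass
auth requisite  pam_succeed_if.so uid >= 500 quiet
auth required   pam_deny.so
"""

def parse(text, phase="auth"):
    """Return [(control, module)] for one phase, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == phase:
            rules.append((fields[1], fields[2]))
    return rules

def simulate(text, failing, phase="auth"):
    """Walk the stack; `failing` holds modules assumed to return an error."""
    executed, required_failed = [], False
    for control, module in parse(text, phase):
        executed.append(module)
        ok = module not in failing
        if control == "requisite" and not ok:
            return executed, False      # requisite failure ends the stack here
        if control == "required" and not ok:
            required_failed = True      # remembered, but the stack continues
        if control == "sufficient" and ok and not required_failed:
            return executed, True       # success short-circuits the rest
    return executed, not required_failed

if __name__ == "__main__":
    early_stop = {"pam_unix.so", "pam_succeed_if.so", "pam_deny.so"}  # assumed
    for label, stack in (("tally last", TALLY_LAST), ("tally first", TALLY_FIRST)):
        print(label, "-> tally reached:", "pam_tally2.so" in simulate(stack, early_stop)[0])
```

In this model a line placed last is skipped whenever an earlier requisite module fails or an earlier sufficient module succeeds, so the same simulation can be run against the file sshd's PAM service actually loads to see whether the tally line is reached.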

