Bug 201202

Summary: pam_tally missing lock_time and unlock_time parameter
Product: Red Hat Enterprise Linux 3 Reporter: Nicolas Scheibling <nscheibl>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED DEFERRED QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-08-03 16:06:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nicolas Scheibling 2006-08-03 15:45:15 UTC 
Description of problem: 
The pam_tally module didn't know lock_time and unlock_time arguments 
 
Version-Release number of selected component (if applicable): 
pam-0.75-62 
RHEL 3 Update 6 
 
 
How reproducible: 
Add the two following lines into the file /etc/pam.d/system_auth  
auth        required      /lib/security/$ISA/pam_tally.so onerr=fail 
no_magic_root 
account     required      /lib/security/$ISA/pam_tally.so onerr=fail deny=3 
no_magic_root lock_time=15 unlock_time=1800 
 
 
Steps to Reproduce: 
1. Add the pam_tally configuration (see above) into 
the /etc/pam.d/system_auth/system-auth file 
2. Try to do some login with a false password. 
3. Watch the logs 
   
Actual results: 
The syslog displays:  
pam_tally: unknow option; unlock_time=1800 
pam_tally: unknow option; lock_time=15 
 
Expected results: 
User should be locked after 3 failled login, and unlocked after waiting 1800 
seconds (30 minutes) 
 
Additional info: 
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_tally.html
Comment 1 Tomas Mraz 2006-08-03 16:06:06 UTC 
This problem will be resolved in a future major release of Red Hat Enterprise
Linux. Red Hat does not currently plan to provide a resolution for this in a Red
Hat Enterprise Linux update for currently deployed systems.

With the goal of minimizing risk of change for deployed systems, and in response
to customer and partner requirements, Red Hat takes a conservative approach when
evaluating changes for inclusion in maintenance updates for currently deployed
products. The primary objectives of update releases are to enable new hardware
platform support and to resolve critical defects.