Bug 74254
Summary: | root account is never locked out by pam_tally | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Steve Fox <steve> |
Component: | pam | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED NOTABUG | QA Contact: | Jay Turner <jturner> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 | CC: | kmaraas, srevivo |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
URL: | even_deny_root_account not recognized by pam_tally | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-04-22 15:14:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Steve Fox
2002-09-18 19:21:42 UTC
Have you tried the latest pam errata? Does that behave similarly? It looks like this was a PEBCAK issue. I must have misinterpreted the documentation. I am now using pam-0.75-46.8.0 and it is working proper. Here are the relevant sections of /etc/pam.d/system-auth auth required /lib/security/pam_tally.so onerr=fail no_magic_root auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth required /lib/security/pam_deny.so account required /lib/security/pam_tally.so deny=5 reset no_magic_root even_deny_root_account account required /lib/security/pam_unix.so I had put even_deny_root_account in the auth section instead of account. Using the above configuration it works as expected. Thanks. |