From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 Description of problem: pam_tally.so does not set the maximum number of failures permitted or increment the number of failures in the faillog. It copies the Username, sets Failures to 0, sets Maximum to 0, puts the correct information in the Lastest field in /var/log/faillog Version-Release number of selected component (if applicable): pam-0.75-54 How reproducible: Always Steps to Reproduce: 1.telnet or ssh to machine 2.login in with a valid user ID 3.Enter wrong password Actual Results: student1 0 0 Fri May 28 08:51:58 -0700 2004 on student2 0 0 Fri May 28 08:51:52 -0700 2004 on Expected Results: Should increment the Failure column for each failure and set the maximum number of failures. Additional info: clip from system-auth auth required /lib/security/$ISA/pam_env.so auth required /lib/security/$ISA/pam_tally.so auth requisite /lib/security/$ISA/pam_unix.so likeauth nodelay auth optional /lib/security/$ISA/pam_smbpass.so migrate #auth sufficient /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_tally.so deny=5 reset account required /lib/security/$ISA/pam_unix.so
This is NOTABUG. You must specify no_magic_root for tally module for ssh, telnet or login. Otherwise the failure count isn't incremented. See README for the pam_tally module.