Bug 124697 - pam_tally.so does not set maximum of increment failures in faillog
pam_tally.so does not set maximum of increment failures in faillog
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pam (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Jay Turner
Depends On:
  Show dependency treegraph
Reported: 2004-05-28 12:05 EDT by David Preston
Modified: 2015-01-07 19:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-10-19 09:42:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Preston 2004-05-28 12:05:07 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1

Description of problem:
pam_tally.so does not set the maximum number of failures permitted or
increment the number of failures in the faillog.  It copies the
Username, sets Failures to 0, sets Maximum to 0, puts the correct
information in the Lastest field in /var/log/faillog

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.telnet or ssh to machine
2.login in with a valid user ID
3.Enter wrong password 

Actual Results:  
student1              0        0  Fri May 28 08:51:58 -0700 2004 on 
student2              0        0  Fri May 28 08:51:52 -0700 2004 on

Expected Results:  Should increment the Failure column for each
failure and set the maximum number of failures.

Additional info:

clip from system-auth

auth        required      /lib/security/$ISA/pam_env.so
auth        required      /lib/security/$ISA/pam_tally.so
auth        requisite     /lib/security/$ISA/pam_unix.so likeauth nodelay
auth        optional      /lib/security/$ISA/pam_smbpass.so migrate
#auth        sufficient    /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_tally.so deny=5     reset
account     required      /lib/security/$ISA/pam_unix.so
Comment 1 Tomas Mraz 2004-09-09 05:08:13 EDT
This is NOTABUG. You must specify no_magic_root for tally module for
ssh, telnet or login.
Otherwise the failure count isn't incremented.

See README for the pam_tally module.

Note You need to log in before you can comment on or make changes to this bug.