The executable utility pam_tally used for viewing and resetting
the /var/log/faillog file after X failed login attempts is not present on
the RedHat pam-0.72-20. The pam_tally.so library is included, however, making
it possible to prevent logins after X failed login attempts but not to
reset them since the pam_tally utility isn't included.

The README files from the modules/* directories, which provide a more
detailed description, are also not included in /usr/doc/pam-0.72-20.

Finally, due to the permissions on /bin/login not being setuid, a user
could bypass the whole pam_tally.so module locally by running login at the
shell prompt. pam_tally.so then attempts to write the file with the
permissions of the user who invoked it and fails since it is owned by
root, therefore bypassing the tallying effect (this may be a pam_tally

The README files and pam_tally application are being added for the next
release. A non-setuid-root /bin/login is useless (when pam_unix is being used
for authentication) for getting a login shell as anyone other than yourself.
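
A local audit for the condition discussed in this thread, as an added example that is not part of the report or of Red Hat's packages: it classifies whether a failed attempt made through a given login binary can be written to the tally file. It assumes GNU `stat`, ignores group permissions, and the function names and output labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify how failed-login tallying behaves for a given
# login binary and tally file. Assumes GNU stat (-c). Group permissions
# are ignored to keep the check short (simplifying assumption).

# can_write FILE UID -> exit status 0 if UID could open FILE for writing
can_write() {
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%u' "$1") || return 2
    [ "$2" -eq 0 ] && return 0                 # root is not limited by mode bits
    if [ "$2" -eq "$owner" ]; then
        [ $(( 0$mode & 0200 )) -ne 0 ]         # owner write bit
    else
        [ $(( 0$mode & 0002 )) -ne 0 ]         # other write bit
    fi
}

# tally_exposure LOGIN_BINARY TALLY_FILE UID
# Prints one label:
#   recorded      login is setuid, so the tally write runs with the
#                 binary owner's privileges (root on a standard install)
#   not-recorded  login runs as the invoking user, who cannot write the
#                 tally file, so a failed attempt leaves no count
#   user-writable login runs as the invoking user, who can write the
#                 tally file and could therefore also alter counters
tally_exposure() {
    login=$1 tally=$2 uid=$3
    [ -e "$login" ] && [ -e "$tally" ] || { echo "missing"; return 1; }
    if [ -u "$login" ]; then
        echo "recorded"
    elif can_write "$tally" "$uid"; then
        echo "user-writable"
    else
        echo "not-recorded"
    fi
}

# Usage on a real system, with the paths named in the report:
#   tally_exposure /bin/login /var/log/faillog "$(id -u)"
```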