login_limits problem - won't work for >= 10
From: roy gordon (royg_at_semantic.com)
Date: 01/14/04
Date: 13 Jan 2004 17:17:43 -0800
We have pam login_limits enabled on our system.
When we set the login_limits to 10 or greater we observe the following
behavior:
(1) the user is locked out on the 4th bad attempt
(2) login_limit shows the consecutive failure count for that user as 3
(3) the user cannot log in again (from anywhere).
We get the failures by telnet'ing to the target machine once then
continually trying to log in with the correct user name but an
incorrect passwd.
This behavior is not observed when the limit is <= 9. In those cases
the user gets the specified consecutive number of failures before
being locked out.
Any ideas MOST appreciated!
Roy
Here's what the entries for telnet look like in the pam.conf file:
telnet auth sufficient /usr/lib/security/pam_unix.so.1
telnet auth required /usr/lib/security/pam_login_limit.so.1 count_limit=10