On Fri, Apr 16, 2004 at 03:01:23PM -0400, Chris Stankaitis wrote: > I posted this to the RH PAM list in January, since then I have not seen > a SINGLE message to that list so I must assume it's dead. I am going to > re-ask here in the hopes that we have some pam guru's around. You should verify that you're actually subscribed, then. While it's not nearly as high-traffic as fedora-list, it is active. The archives show 12 messages this month, the most recent about an hour ago. > Is there a better work around then what I have done? is there a proper > way to get these two to play well together The screen saver should probably be calling pam_acct_mgmt(), even if it "knows" that the user should always be allowed access. > 2) is there a way to get pam_tally/faillog to unlock an account after XX > mins... I have hacked together a bash script to do this but I would > prefer to use native capabilities if they exist The faillog file format supports it, and pam_tally obeys it, but the tools don't provide a way to set that timeout. That would make a good enhancement request. > 3) This is my big problem... I have set tally to deny after X attempts.. > and it works... kinda... it seems like faillog or something is ignoring > the deny= line in my pam account section.. when I first do a faillog > after turning on the tally I get the normal output however it doesn't > seem to catch the deny and populate that to the Maximum... so if my deny > is set to 4 when I first do a faillog the Maximum is set to 0, I > manually do a faillog -m 4 and that fixes the problem for all the > current users on the box however when users are added to the box their > maximum is zero. > > Why isn't faillog reading the deny=X from my account requires line and > setting the maximum based on that? Having a configuration for account management unfortunately doesn't ensure that an application will make use of it. > for new users is there a login.defs value required to set the maximum on > account creation?? There is not, at least not currently. Cheers, Nalin
