Monit PAM problem with pam_tally2 enabled
From: Lutz Mader
Subject: Monit PAM problem with pam_tally2 enabled
Date: Sun, 09 Sep 2018 15:32:28 +0200
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

Hello Tildeslash,
I started using monit with PAM support enabled; this works well as long as
I start monit in the system context, with uid 0.
With all Linux systems that are using "pam_tally2", I got a problem, because
the user will be locked after some successful logons.
From a short look at the monit util.c file, it seems to me that only
"pam_start", "pam_authenticate" and "pam_end" are used.
But "pam_acct_mgmt" is not used; therefore the counters used by "pam_tally2"
are not reset in the "account" facility.
Is this a bug, or is there any reason only the "auth" facility is used and
"account" is not?
Thanks for any help,
Lutz
p.s.
See https://www.novell.com/support/kb/doc.php?id=7011883
The PAM common-auth file in use contains:
auth required pam_env.so
auth required pam_unix2.so
auth required pam_tally2.so file=/var/log/tallylog deny=3
With a monit-specific PAM file everything works well (see below), but
only "auth" will be used and "pam_tally" can't be used.
# monit: auth account password session
auth sufficient pam_unix2.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
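
Added example, not part of the original message and not monit or Linux-PAM code: a simplified Python model of the counting described above, in which pam_tally2 increments its tally in the auth phase and resets it only on pam_setcred, or on pam_acct_mgmt when the module is also listed under account. The `account required pam_tally2.so` line, the function names and the `attempts` cap are assumptions of the example.

```python
# Simplified model of pam_tally2 counting; not monit or Linux-PAM code.
COMMON_AUTH = """\
auth required pam_env.so
auth required pam_unix2.so
auth required pam_tally2.so file=/var/log/tallylog deny=3
"""
# Constructed variant: the same stack plus pam_tally2 in the account facility.
WITH_ACCOUNT = COMMON_AUTH + "account required pam_tally2.so\n"


def parse_stack(text):
    """Map facility -> [(module, options)]; simple control keywords only."""
    stack = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        facility, _control, module, *args = fields
        opts = dict(a.partition("=")[::2] for a in args)
        stack.setdefault(facility, []).append((module, opts))
    return stack


def logins_before_lock(config, calls, attempts=10):
    """Correct-password logins accepted before pam_tally2 denies one.

    calls: the PAM functions the application invokes per login.
    Returns `attempts` if the account is never locked in the model.
    """
    stack = parse_stack(config)
    auth = [o for m, o in stack.get("auth", []) if m == "pam_tally2.so"]
    if not auth:
        return attempts
    deny = int(auth[0].get("deny", 0))
    in_account = any(m == "pam_tally2.so" for m, _ in stack.get("account", []))
    tally = 0
    for accepted in range(attempts):
        tally += 1  # auth phase counts the attempt before the result is known
        if deny and tally > deny:
            return accepted
        if "pam_setcred" in calls or ("pam_acct_mgmt" in calls and in_account):
            tally = 0  # reset on a completed login
    return attempts


if __name__ == "__main__":
    print(logins_before_lock(COMMON_AUTH, {"pam_authenticate"}))
    print(logins_before_lock(WITH_ACCOUNT, {"pam_authenticate", "pam_acct_mgmt"}))
```

In this model, an application that calls only pam_authenticate against the common-auth stack is denied on the fourth correct login, while a stack without pam_tally2 (such as the monit-specific file) never locks.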