It looks like Steve had an explicit reason for disabling pam_tally here
and I don't want to go second guess that.
(Steve, if I'm wrong, please chime in).
In particular, Steve kept pam_cracklib, which also requires an extra
option, but did not keep pam_tally.
Oh, sorry there was some detail missing. The config option
--enable-tally
was added in linux-pam from version 1.4.0 to soft deprecate this module.
So when we re-enable it with this option, it should build the pam_tally
module like it was the case up to 1.3.x.
see: https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
also see this commit
https://github.com/linux-pam/linux-pam/commit/f49166c7d8f3ae2c9d337154f7e5dc50d41ab6bf
and
https://github.com/linux-pam/linux-pam/commit/ae2ccf5053b171dff644dd339338b0fde00f83a2
I did not do further srcutiny here, but I think the actual module code
was unaffected by this change. Most of the code for pam_tally in
linux-pam is more than a few years old without further change. With
the version 1.4.0 they just declared to not build these modules by
default and added options to enable them. With linux-pam 1.5.0 the
tally modules are completely removed from the codebase.
PS: pam_cracklib is also be deleted from 1.5.0, so we face the same
problem there too. Maybe we can solve this in one go. :)
