On 2006-08-11 21:28:16, Nicolas François wrote:
> Hello,
>
> On Mon, Jul 24, 2006 at 10:35:44PM +0200, Michelle Konzack wrote:
> >
> > I was using "faillog" since many years because I need for a security
> > policy to block users after 5 false logins. I have never checked it,
> > because it WAS working in Potato and Woody from scratch...
> >
> > Now I had a problem with hack attempts and encountered that the file
> > /var/log/faillog is missing...
>
> I don't think Sarge's login supports faillog (even if there is a
> FAILLOG_ENAB variable in /etc/login.defs). This was reintroduced in
> Etch.

Sorry for the question, but WHY was it dropped from Woody to Sarge?
This breaks my dozen Internet Cafes in Morocco, Turkey and Iran
since it no longer works. For me this is a grave error.

And, I have not found any documentation about its removal.

> pam_tally.so must also be used as an account module:
>
> account required pam_tally.so deny=10 reset no_magic_root
>
> I think pam_tally should be used as the first auth module and as the last
> account module.

This is really weird, since my Woody Workstation has no pam_tally
in its pam config and it works like expected. I have only called
'faillog' and set up my $USER.

Under Woody no changes are needed to use 'faillog'.

> Last time I tried (1 year ago, i.e. libpam-modules 0.76-23), pam_tally
> worked.
> Note that when a user logs in, the "x failures since last login." message
> will always indicate 0 failures.

Right, it is cleared IF the $USER has a correct login. But if you check
faillog from a root console, you see on a Woody system the count increasing
but not under Sarge. It seems to be a bug.

Compiling PAM from Woody for Sarge is working nicely.

But since Security-Updates have stopped for Woody, it is no solution
for an Internet Cafe with excessive public access.

> It conflicts with FAILLOG_ENAB.
> The conflict could be indicated and the examples could be added, but maybe
> this example could be better suited in the common-auth and common-account
> files.
>
> If it works, can you confirm and/or close this bug?

I will try to set up my Workstation according to the examples and report it later.

Note: Under Woody I open an XTerm with su-to-root and a second normal
      one. Now in the root XTerm I run 'faillog' and see there are
      no errors. Now I try from the second XTerm to su to another
      user with a false password, go back to the root XTerm and run
      faillog. Under Woody, faillog is increased, but not under Sarge.

      Same for WDM login under Woody. Faults are logged.

Last question: Do you know another method to block access for users
               using false passwords?
               (must work for ssh, su, console, x/plain, KDE and GNOME)

> Kind Regards,

Thanks and Greetings
    Michelle Konzack
    System Administrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant
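
The placement advised in the quoted reply (pam_tally as the first auth module and the last account module) can be checked mechanically. The Python below is an added example, not part of the original thread: the sample PAM files are constructed, the auth line with `onerr=fail` is an assumed counterpart to the account line quoted above, and files pulled in via `@include` are not followed.

```python
MODULE = "pam_tally.so"

# Constructed sample service files (not from the thread). Only the account
# line is quoted in the thread; the auth line is an assumed counterpart.
GOOD = """\
auth     required  pam_tally.so onerr=fail no_magic_root
auth     required  pam_unix.so nullok
account  required  pam_unix.so
account  required  pam_tally.so deny=10 reset no_magic_root
"""
BAD = """\
auth     required  pam_unix.so nullok
auth     required  pam_tally.so onerr=fail no_magic_root  # not first
account  required  pam_unix.so
"""

def parse_stack(text, mod_type):
    """Return the module names of one type (auth, account, ...) in file order."""
    modules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Skips blanks, comments, @include lines and other module types.
        if len(fields) < 3 or fields[0].lstrip("-") != mod_type:
            continue
        i = 1
        if fields[i].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            while i < len(fields) - 1 and not fields[i].endswith("]"):
                i += 1
        if i + 1 < len(fields):
            # Keep only the file name so absolute module paths compare equal.
            modules.append(fields[i + 1].rsplit("/", 1)[-1])
    return modules

def check_tally(text):
    """Report where the file departs from the placement advised in the thread."""
    findings = []
    for mod_type, index, where in (("auth", 0, "first"), ("account", -1, "last")):
        stack = parse_stack(text, mod_type)
        if MODULE not in stack:
            findings.append(f"{mod_type}: {MODULE} missing")
        elif stack[index] != MODULE:
            findings.append(f"{mod_type}: {MODULE} is not the {where} module")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_tally(sample) or "ok")
```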