I'd call that a bug that you should reoprt to the pam_tally author - this
case, you should file a bugzilla report with Red Hat since they distribute
the routine as part of the pam package. A security policy implemented
correctly should not allow a user to gather information about correct or
incor
> A much better solution is that which is implemented by default in VMS -
lock
> the account for a random period of time - usually around 5 minutes - but
> don't lock it permanently. When the account is locked, accept all
passwords,
> even the correct one, and return a standard user authorization
On Mon, Mar 04, 2002 at 01:03:21PM -0500, Paul Greene wrote:
>
> Is there a capability within the PAM authentication modules to implement a
> user account lockout if someone fails a login more than, say, 3 times in
> a row?
>
> The intention would be that if a user fails a login more than 3 time
Is there a capability within the PAM authentication modules to implement a
user account lockout if someone fails a login more than, say, 3 times in
a row?
The intention would be that if a user fails a login more than 3 times
within a certain time period (like within a time period of 30 minutes o
