Monit PAM problem with pam_tally2 enabled

From: Lutz Mader
Subject: Monit PAM problem with pam_tally2 enabled
Date: Sun, 09 Sep 2018 15:32:28 +0200

Hello Tildeslash,
I started using monit with PAM support enabled; this works well as long as
I start monit in the system context, with uid 0.
On all Linux systems that are using "pam_tally2" I have a problem, because
the user will be locked after some successful logons.

From a short look at the monit util.c file, it seems to me that only
"pam_start", "pam_authenticate" and "pam_end" are used.
But "pam_acct_mgmt" is not used, so the counters used by "pam_tally2" are
not reset in the "account" facility.

Is this a bug, or is there any reason that only the "auth" facility is
used and "account" is not used?

Thanks for any help,

The PAM common-auth file used contains:
auth    required
auth    required
auth    required  file=/var/log/tallylog deny=3

With a monit-specific PAM file everything works well (see below), but
only "auth" will be used and "pam_tally" can't be used.
# monit: auth account password session
auth       sufficient
auth       required
account    required
password   required
session    required
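
A simplified model of the lockout described in this message, added here as an example; it is not monit or libpam code, and the function names and the counter struct are hypothetical. It assumes the tally is incremented on every "auth" call, access is denied once the tally exceeds deny=3, and the tally is reset only in the "account" phase.

```c
#include <stdio.h>
#include <string.h>

#define DENY 3   /* deny=3, as in the common-auth line quoted above */

/* Simplified model of a pam_tally2-style counter (not libpam code). */
struct tally { int count; };

enum { MODEL_SUCCESS = 0, MODEL_AUTH_ERR = 1, MODEL_LOCKED = 2 };

/* "auth" phase: every attempt is counted before the password is checked. */
static int model_authenticate(struct tally *t, const char *given, const char *real)
{
    t->count++;
    if (t->count > DENY)
        return MODEL_LOCKED;          /* locked even if the password is right */
    return strcmp(given, real) == 0 ? MODEL_SUCCESS : MODEL_AUTH_ERR;
}

/* "account" phase: the only place this model resets the counter. */
static int model_acct_mgmt(struct tally *t)
{
    t->count = 0;
    return MODEL_SUCCESS;
}

/* Run n logins with the correct password (constructed sample value);
 * return how many of them were accepted. */
static int run_logins(int n, int call_account)
{
    struct tally t = { 0 };
    int ok = 0;
    for (int i = 0; i < n; i++) {
        if (model_authenticate(&t, "secret", "secret") != MODEL_SUCCESS)
            continue;                 /* rejected: wrong password or locked */
        if (call_account && model_acct_mgmt(&t) != MODEL_SUCCESS)
            continue;
        ok++;
    }
    return ok;
}

int main(void)
{
    printf("auth only:      %d of 10 logins accepted\n", run_logins(10, 0));
    printf("auth + account: %d of 10 logins accepted\n", run_logins(10, 1));
    return 0;
}
```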

