hi, i just noticed that my pam_tally config has stopped working. it used to work in 3.6.1p2, but since then hasn't. i configured openssh like so: ./configure --with-tcp-wrappers --with-pam --with-privsep-user=sshd --with-md5-passwords --with-ipaddr-display and i do have "UsePAM yes" set in sshd_config. i've tried and failed to get it to work with 3.7.1p2 and 3.8.1p1. i've tried compiling them both --with-pam and --without-pam and tried both "UsePAM yes" and "UsePAM no" all to no avail. /var/log/faillog exists and it is owned by root and set to 600. these are redhat 7.3 and 9 systems. it displays the same behavior on both. any thoughts? <EOF> ::[ RFC 2795 ]:: "Democracy means simply the bludgeoning of the people by the people for the people." -Oscar Wilde
listz at hate.cx wrote:> and i do have "UsePAM yes" set in sshd_config. i've tried and failed to get it > to work with 3.7.1p2 and 3.8.1p1. i've tried compiling them both --with-pam and > --without-pam and tried both "UsePAM yes" and "UsePAM no" all to no avail. > /var/log/faillog exists and it is owned by root and set to 600. these are redhat > 7.3 and 9 systems. it displays the same behavior on both. any thoughts?Do you have "ChallengeResponseAuthentication yes" and "PasswordAuthentication no" in sshd_config? If not it's possible that you're not actually using PAM to authenticate (which might explain your problem). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.