monit-general
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Monit PAM problem with pam_tally2 enabled


From: Lutz Mader
Subject: Monit PAM problem with pam_tally2 enabled
Date: Sun, 09 Sep 2018 15:32:28 +0200
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

Hello Tildeslash,
I start using monit with PAM support enabled, this works well as long as
I start monit in the system context, with uid 0.
With all Linux systems are using "pam_tally2", I got a problem, because
the user will be locked after some successful logons.

With a short look to the monit util.c file it seems to me, only
"pam_start", "pam_authenticate" and "pam_end" is used.
But "pam_acct_mgmt" is not used, the counter used by "pam_tally2" are
not reset in the "account" facility therefore.

Is this a bug, any reason the "auth" facility is used only and the
"account" is not used.

Thanks for any help,
Lutz

p.s.
See https://www.novell.com/support/kb/doc.php?id=7011883
The used PAM common-auth file contain
auth    required        pam_env.so
auth    required        pam_unix2.so
auth    required        pam_tally2.so  file=/var/log/tallylog deny=3

With a monit specific PAM file everything works well (see below), but
"auth" will be used only and "pam_tally" can't used.
# monit: auth account password session
auth       sufficient   pam_unix2.so
auth       required     pam_deny.so
account    required     pam_permit.so
password   required     pam_deny.so
session    required     pam_permit.so



reply via email to

[Prev in Thread] Current Thread [Next in Thread]