Turning on pam_tally.so
Under Fedora Core 4, /etc/pam.d/system-auth says not to edit that file by hand because authconfig overwrites it. However, "man authconfig" doesn't say how to turn on pam_tally.so, and neither does the authconfig GUI. Can you tell me how to turn the pam_tally.so on? This is with regards to your article, "Account locking for Linux via PAM."

    Requires Free Membership to View

    Login

    When you register, my team of editors will also send you resources covering Linux administration and management; integration and interoperability between Linux, Windows and Unix; securing Linux and mixed-platform environments; and migrating to Linux.

    Margie Semilof, Editorial Director

    By submitting your registration information to SearchEnterpriseLinux.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseLinux.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Sorry I should have addressed this as part of my tip. I am afraid there is no clean and easy way around this. I tend not to use the authconfig command (or the associated GUI) to configure systems. But if I have to run authconfig, I make copies of the system-auth file before running authconfig. That way I can add back in previous changes made to the file.

I also recommend the use of a central configuration manager like cfengine or puppet to keep files like this up to date from a central point.

This was first published in February 2007

Back to top