Annotated edit history of
pam_tally(8) version 7, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 7 |
AristotlePagaltzis |
1 |
The maintenance program for <tt>pam_tally.so</tt>. [pam_tally | http://www.baverstock.org.uk/tim/pam/] is a [PAM] module intended to deny further authentication attempts after a given count of failed authentications. |
| 1 |
perry |
2 |
|
| 7 |
AristotlePagaltzis |
3 |
pam_tally(8) can list and reset the accumulated counts. Note that this only uses a local file (defaults to <tt>/var/adm/faillog</tt>) and has no facility to use [LDAP] or similar systems to combine results from several machines (or a cluster). |
| 3 |
ChrisSamuel |
4 |
|
| 7 |
AristotlePagaltzis |
5 |
pam_tally provides a subset of the functionality of [pam_abl | http://www.hexten.net/pam_abl/], but where pam_tally simply counts failing usernames, pam_abl allows for: |
| |
|
6 |
* counting failing hosts as well as usernames (my logs show the same attacking hostnames trying lots of different usernames rather than the other way round) |
| |
|
7 |
* configurable time-based failures (e.g. record a failure if the user or host fails 5 times in an hour or 10 in a day) |
| |
|
8 |
* configurable time-based auto-purging of failure database |
| 5 |
TomGreen |
9 |
|
| |
|
10 |
On the other hand, pam_abl seems to have 2 issues at the moment: |
| 7 |
AristotlePagaltzis |
11 |
* some users (including TomGreen) report failures not being recorded in database (fixed in current [CVS] from SourceForge) |
| |
|
12 |
* an issue with OpenSSH [where failures don't seem to be recorded | http://sourceforge.net/tracker/?group_id=148927&atid=773100] |
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.
