The pam_tally.so PAM module is intended to deny further authentication attempts after a given count of failed authentications. pam_tally is the maintenance program for pam_tally.so: it can list and reset the accumulated counts.

The pam_tally project homepage is here: http://www.baverstock.org.uk/tim/pam/

Note that this only uses a local file (defaults to /var/adm/faillog) and has no facility to use LDAP or similar systems to combine results from several machines (or a cluster).

pam_tally provides a subset of the functionality of pam_abl (http://www.hexten.net/pam_abl/), but where pam_tally simply counts failing usernames, pam_abl allows for:

  • counting failing hosts as well as usernames (most ssh attackers won't keep retrying the same username)
  • configurable time-based failures (e.g. record a failure if the user or host fails 5 times in an hour or 10 in a day)
  • configurable time-based auto-purging of failure database
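
The difference between the two counting models, as an added example that is not code from pam_tally or pam_abl: a simplified Python model run over constructed failure events. The function names, the limit of 3 for the plain counter, and the sample hosts and usernames are assumptions; the 5-per-hour / 10-per-day rule is the one from the list above.

```python
from collections import defaultdict

HOUR, DAY = 3600, 86400
# Rule from the list above: 5 failures in an hour or 10 in a day.
RULE = [(5, HOUR), (10, DAY)]

def tally_blocked(events, limit):
    """Plain per-username counter (simplified model: no time window, no reset)."""
    counts = defaultdict(int)
    for _ts, user, _host in events:
        counts[user] += 1
    return {user for user, n in counts.items() if n >= limit}

def windowed_blocked(events, key_index, rule=RULE):
    """Time-windowed counter keyed on username (index 1) or host (index 2)."""
    max_window = max(window for _limit, window in rule)
    seen = defaultdict(list)
    blocked = set()
    for ev in sorted(events):
        ts, key = ev[0], ev[key_index]
        # Auto-purge: drop failures older than the longest window in the rule.
        seen[key] = [t for t in seen[key] if ts - t < max_window] + [ts]
        for limit, window in rule:
            if sum(1 for t in seen[key] if ts - t < window) >= limit:
                blocked.add(key)
    return blocked

def sample_events():
    """Constructed sample data: (unix_seconds, username, source_host)."""
    names = ["root", "admin", "test", "oracle", "git", "backup"]
    # One host failing once per minute, each time with a different username.
    rotating = [(60 * i, name, "203.0.113.7") for i, name in enumerate(names)]
    # One user mistyping a password three times, days apart.
    mistyped = [(d * DAY, "alice", "198.51.100.4") for d in (0, 3, 6)]
    return rotating + mistyped

if __name__ == "__main__":
    events = sample_events()
    print("username counter blocks:", tally_blocked(events, limit=3))
    print("windowed, by username:  ", windowed_blocked(events, key_index=1))
    print("windowed, by host:      ", windowed_blocked(events, key_index=2))
```

In this sample the plain username counter blocks only the user who mistyped three times over a week, while the host that failed six times in five minutes is caught only by the host-keyed, time-windowed rule.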

On the other hand, pam_abl seems to have 2 issues at the moment:

  1. some users (including me) report failures not being recorded in database (fixed in current CVS from sourceforge)
  2. an issue with OpenSSH where failures don't seem to be recorded (more details here: http://sourceforge.net/tracker/?group_id=148927&atid=773100)
