[CentOS] PAM configuration?

Kwan Lowe kwan.lowe at gmail.com
Mon Jan 4 17:51:03 UTC 2010


On Mon, Jan 4, 2010 at 12:42 PM, Roland Roland <R_O_L_A_N_D at hotmail.com>wrote:

>  Hello all,
>
> Can anyone please help out with configuring PAM?
> I've checked a couple of tutorials online..
> though most of them are related to Login though I want to set PAM up for
> SSH logins...
> I've set the max erroneous logins to just THREE and even after trying to
> login with an error pass I still can get in...
>
>

I use a combination of /etc/login.defs and the faillog utility to set this.
>From the faillog manpage:

       -m, --maximum MAX
          Set maximum number of login failures after the account is disabled
          to MAX. Selecting MAX value of 0 has the effect of not placing a
          limit on the number of failed logins. The maximum failure count
          should always be 0 for root to prevent a denial of services attack
          against the system.



> also is there a way I could enable the PAM module which uses crack library
> to check the strength of a users password?
>
> This should do it:
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20100104/55c7ead7/attachment.html 


More information about the CentOS mailing list