[CentOS] PAM_shield locking me out?

Fri Aug 27 08:10:46 UTC 2010
A. Kirillov <nevis2us at infoline.su>

> >> Yesterday I installed pam_shield and followed the testing suggested and 
> >> thought all was well.
> >> Today I find that I cannot get to my email account, I can login via ssh okay 
> >> (uses keys) but su and sudo give
> >> segmentation faults. I am guessing due to the pam module causing a problem.
> >> As I cannot do remote login as root and sudo and su use pam I appear to have 
> >> locked myself out.
> >>     
> >
> > I have not encountered this issue. And I have been using it on 32bit and 
> > 64bit machines with RHEL4 and RHEL5. I guess it must be related to a 
> > configuration issue somewhere. Not good though.
> >
> > Was this with the 0.9.2 release, or the 0.9.3 release ?
> >
> > Please provide this information to the author, he might help you find the 
> > cause and fix it in pam_shield.
> >
> > Thanks for reporting,
> >   
> Update - running 0.9.2 release on both a .386 and a .x86_64 system
> I think the location of the
> auth   optional    pam_shield.so
> line within the /etc/pam.d/ config files is important??
> I had an error on the 64 bit machine thus it was not running - I have 
> now fixed and after looking at the response from S.Tindall I have moved 
> the line to the location as shown in /etc/pam.d/system-auth-ac:
> <snip>
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        sufficient    pam_krb5.so use_first_pass
> auth        optional      pam_shield.so
> auth        required      pam_deny.so
> <snip>
> Let's see if this works.

I've tried that too and it was a good suggestion
as su now crashes only if you enter a wrong password.
I've also tried to rebuild rpmforge srpm with no luck.
Could you really make this thing work? I mean did it
actually block anything after a series of failed logins?

Sasha
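
Added example (not part of the original message, and not pam_shield or Linux-PAM code): a simplified walk of the auth stack quoted above, showing which modules get invoked for a given set of module results. It models only the required/requisite/sufficient/optional flags; the parse and walk helpers and the supplied outcomes are assumptions made for illustration.

```python
# Simplified model of how an "auth" stack is walked (simple control flags only;
# bracketed [value=action] controls and include/substack lines are not handled).
# Module results are supplied by the caller; nothing here calls real PAM.

# The stack quoted in the thread (/etc/pam.d/system-auth-ac excerpt).
STACK = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        optional      pam_shield.so
auth        required      pam_deny.so
"""

def parse(text, kind="auth"):
    """Return [(control, module)] for config lines of the given type."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0].lstrip("-") == kind:
            entries.append((fields[1], fields[2]))
    return entries

def walk(entries, outcome):
    """outcome maps module -> True/False; unlisted modules succeed,
    except pam_deny.so, which always fails.
    Returns (modules invoked in order, authenticated?)."""
    invoked, failed = [], False
    for control, module in entries:
        invoked.append(module)
        ok = outcome.get(module, module != "pam_deny.so")
        if control == "sufficient" and ok and not failed:
            return invoked, True        # success ends the stack here
        if control in ("required", "requisite") and not ok:
            failed = True               # required: remember, keep going
            if control == "requisite":
                return invoked, False   # requisite: fail immediately
        # optional results and failed "sufficient" modules are ignored
    return invoked, not failed

if __name__ == "__main__":
    stack = parse(STACK)
    cases = {
        "correct password": {"pam_unix.so": True},
        "wrong password": {"pam_unix.so": False, "pam_krb5.so": False},
    }
    for label, results in cases.items():
        print(label, "->", walk(stack, results))
```

In this model pam_shield.so is invoked only on the path where pam_unix.so and pam_krb5.so both fail and pam_succeed_if.so passes; a correct password ends the stack at pam_unix.so.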