On Mon, Jan 4, 2010 at 12:42 PM, Roland Roland <R_O_L_A_N_D at hotmail.com>wrote: > Hello all, > > Can anyone please help out with configuring PAM? > I've checked a couple of tutorials online.. > though most of them are related to Login though I want to set PAM up for > SSH logins... > I've set the max erroneous logins to just THREE and even after trying to > login with an error pass I still can get in... > > I use a combination of /etc/login.defs and the faillog utility to set this. >From the faillog manpage: -m, --maximum MAX Set maximum number of login failures after the account is disabled to MAX. Selecting MAX value of 0 has the effect of not placing a limit on the number of failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack against the system. > also is there a way I could enable the PAM module which uses crack library > to check the strength of a users password? > > This should do it: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100104/55c7ead7/attachment-0005.html>