[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Disable login for x minutes after x failed logins?



I want to either disable a remote login (ssh, ftp, pop etc.) after x 
failures completely, to the trying remote client (IP no.) or for x 
minutes.
I searched the web up and down, but can't come up with a simple and 
concise explanation, how to do this. It seems pam_tally could somehow be 
used to achieve part of that, but not completely. F.i. it seems once the 
account is locked it is locked as long as someone unlocks it.
Is pam_tally the way to go or are there better ways on a normal Suse 8/9 
system? Is there a better explanation/howto than what can be found in the 
PAM docs, man or 
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html
(PAM system administrator's guide)?
At least for me this documentation is quite scarce and I'm missing some 
real-word and "how-to" examples for a good start.

I also wonder if any of the login.defs definitions is used if PAM gets 
used? I read somewhere that most of it is handled by PAM now, but some 
options were still valid, f.i. "fail_delay" (delay for next attempt after 
a failure), but I can't repro that, so it seems none of it is in use when 
using PAM?

Thanks,



Kai




-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here