[tac_plus] Question about failed logins
heasley
heas at shrubbery.net
Fri Jan 15 19:46:17 UTC 2016
Fri, Jan 15, 2016 at 11:17:04AM -0700, Andy Ruhl:
> I'm looking for advice or direction on failed logins.
>
> I have tac_plus F4.0.4.28 running on Linux.
>
> It's using pam for authentication.
>
> I'm required to lock out users after 5 failed login attempts, but the
> problem is that when I log into an average Cisco switch, it seems to
> create a failed login attempt before I'm even prompted for a password:
>
> [root at machine ~]# pam_tally2
> Login Failures Latest failure From
> acruhl 1 01/15/16 11:05:12 unknown
>
> So if I log into a few switches I get locked out even if I never put
> in an incorrect password.
>
> Is there some option to prevent this failed login? I've done some
> searching but I really hope I didn't miss something obvious.
I presume this is a problem with the pam module or your pam configuration;
have you tested without the password-failed configuration?
and, folks would need to know which pam you are using, if various linux use
different pam implementations - i do not know.
More information about the tac_plus
mailing list