setup users to lock after 3 attemps in Red Hat 5 Ent

[rusavolk]

Hello all,
anybody knows how to setup "account lock out" for some time in Red Hat 5 ent?
i am playing with /etc/pam.d/system-auth
while trying multiple settings, however, none of them work
my user can still login via ssh.
that the heck? it should be easier then that....

Current /etc/pam.d/system-auth setup

auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail deny=5 unlock_time=120
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
account required /lib/security/$ISA/pam_tally.so


P.S. i am also using NIS to authenticate.
Thank you,

 

[BadBigBen]

perhaps this will lead to an idea, it is a GOOGLE translation of a German website, where the author uses DenyHost to accomplish a bit more than that which you ask, but looking through the CODE BOX (expanded view under the non-translated website), shows that you can alter the number of login attempts and more...

Avoiding SSH Dictionary Attacks with DenyHosts

http://www.systemengineers.de/linux/debian/vermeidung-von-ssh-dictionary-attacks-mit-denyhosts

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"