[GRLUG] Login failures on Cent?

Don Ellis don.ellis at gmail.com
Wed Apr 6 13:58:34 EDT 2011


On Wed, Apr 6, 2011 at 11:53 AM, L. V. Lammert <lvl at omnitec.net> wrote:
> On Wed, 6 Apr 2011, Michael Mol wrote:
>
>> On other distros, I'd expect to find it under /var/log/auth.
>>
> Indeed! Unfortunately, it's not there.
>
> Your grep suggestion was a clue, however, .. it's "/var/log/secure".
>
>        TFTR!

Interesting -- I tried hints from

    http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-log-failed-login.html

I edited /etc/pam.d/system-auth-ac (linked from system-auth) as
indicated, with no effect on failed attempts to log in.

Looking at /var/log/secure, I see:

Apr  6 12:35:28 localhost unix_chkpwd[11801]: password check failed
for user (donls)
Apr  6 12:35:28 localhost login: pam_tally(login:auth): unknown
option: no_magic_root
Apr  6 12:35:28 localhost login: pam_tally(login:auth): Error opening
/var/log/faillog for update
Apr  6 12:35:28 localhost login: pam_tally(login:auth): Error opening
/var/log/faillog for read
Apr  6 12:35:30 localhost login: FAILED LOGIN SESSION FROM (null) FOR
donls, Authentication failure
Apr  6 12:35:30 localhost login: PAM 3 more authentication failures;
logname=donls uid=500 euid=500 tty=pts/2 ruser= rhost=  user=donls
Apr  6 12:35:30 localhost login: PAM service(login) ignoring max retries; 4 > 3

So, one problem being presented is that the pam tally process can't
open /var/log/faillog for update (and then can't open it for read,
since it's empty).

How do we make it possible for pam_tally to run as advertised?

--Don Ellis

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the grlug mailing list