[GRLUG] Login failures on Cent?
Don Ellis
don.ellis at gmail.com
Wed Apr 6 13:58:34 EDT 2011
On Wed, Apr 6, 2011 at 11:53 AM, L. V. Lammert <lvl at omnitec.net> wrote:
> On Wed, 6 Apr 2011, Michael Mol wrote:
>
>> On other distros, I'd expect to find it under /var/log/auth.
>>
> Indeed! Unfortunately, it's not there.
>
> Your grep suggestion was a clue, however, .. it's "/var/log/secure".
>
> TFTR!
Interesting -- I tried hints from
http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-log-failed-login.html
I edited /etc/pam.d/system-auth-ac (linked from system-auth) as
indicated, with no effect on failed attempts to log in.
Looking at /var/log/secure, I see:
Apr 6 12:35:28 localhost unix_chkpwd[11801]: password check failed
for user (donls)
Apr 6 12:35:28 localhost login: pam_tally(login:auth): unknown
option: no_magic_root
Apr 6 12:35:28 localhost login: pam_tally(login:auth): Error opening
/var/log/faillog for update
Apr 6 12:35:28 localhost login: pam_tally(login:auth): Error opening
/var/log/faillog for read
Apr 6 12:35:30 localhost login: FAILED LOGIN SESSION FROM (null) FOR
donls, Authentication failure
Apr 6 12:35:30 localhost login: PAM 3 more authentication failures;
logname=donls uid=500 euid=500 tty=pts/2 ruser= rhost= user=donls
Apr 6 12:35:30 localhost login: PAM service(login) ignoring max retries; 4 > 3
So, one problem being presented is that the pam tally process can't
open /var/log/faillog for update (and then can't open it for read,
since it's empty).
How do we make it possible for pam_tally to run as advertised?
--Don Ellis
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the grlug
mailing list