Operating System - HP-UX

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

 
Yu Ping
Occasional Advisor

pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello,

I set AUTH_MAXTRIES=7 in /etc/default/security. I use pam_authenticate() in the application to check account authentication.
1) I did 6 login tries (by pam_authenticate) with wrong password, and then 1 try with correct password.
2) Then I did another 2 tries with wrong password, and the account is disabled.

So the problem is that the correct login cannot reset the number of tries with wrong password.
Btw, if I use telnet, after 6 wrong password + 1 correct password + 2 wrong password, the account is not disabled.

OS: HP-UX B.11.31

Does anyone know this problem and can help? Thanks in advance.
Horia Chirculescu
Honored Contributor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello,

You could initiate a debug on the session management component and on authentication component. This is done by adding "debug" option at the end of the corresponding line from /etc/pam.conf.

Debugging info can be found in syslog, LOG_DEBUG level.

Best regards
Horia.
Best regards from Romania,
Horia.
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello Horia,

Thanks for your advice.

After adding "debug" option at the end of the corresponding line from /etc/pam.conf, we don't find LOG_DEBUG info in syslog file. Do we need to restart any application or do anything else?

Regards
Yu Ping
Horia Chirculescu
Honored Contributor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Try this:

Edit /etc/syslog.conf and add the line:

*.debug /var/adm/syslog/debug.log

Save the file and exit vi.

Restart the syslogd server:

/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start

Check the file:
/var/adm/syslog/debug.log

For debug messages from your system (all debug info would go there in that file)

Horia.
Best regards from Romania,
Horia.
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello Horia,

I have followed the steps you provided, but /var/adm/syslog/debug.log does not exist.

Please advise. Thank you.

Regards
Yu Ping
Horia Chirculescu
Honored Contributor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Do you have something in

/var/adm/syslog/syslog.log ?

You should check for new messages in this file.

Check if syslogd is running:

ps -ae |grep syslogd

Horia.
Best regards from Romania,
Horia.
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hi Horia,

I have checked the syslog.log file, but no useful info:

# cat /var/adm/syslog/syslog.log
Feb 9 15:00:42 HELIKE12 syslogd: restart
Feb 9 15:00:42 HELIKE12 syslogd: the kernel messages are already disabled: No such device or address
Feb 9 15:03:12 HELIKE12 sshd[8628]: SSH: Server;LType: Throughput;Remote: 10.0.127.33-47570;IN: 26928;OUT: 10784;Duration: 550.2;tPut_in: 48.9;tPut_out: 19.6
Feb 9 15:03:44 HELIKE12 ftpd[8657]: FTP session closed
Feb 9 15:04:25 HELIKE12 sshd[8842]: SSH: Server;Ltype: Version;Remote: 10.0.127.33-47939;Protocol: 1.99;Client: 3.2.9 SSH Secure Shell for Windows
Feb 9 15:04:32 HELIKE12 sshd[8842]: error: PAM: Authentication failed for root from 10.0.127.33
Feb 9 15:04:35 HELIKE12 sshd[8842]: Accepted password for root from 10.0.127.33 port 47939 ssh2
#

the syslogd server is running:
# ps -ae | grep syslogd
8775 ? 0:00 syslogd
Horia Chirculescu
Honored Contributor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Seems that more than one syslogd is currently running. Please kill all the syslogd processes and restart syslogd. (use kill -9 if necessary)

ps -ex |grep syslogd

should return no lines.
Best regards from Romania,
Horia.
Horia Chirculescu
Honored Contributor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Then start the service again and verify that you have only one syslogd running (the above command would return only one line)

Please copy&paste /etc/syslog.conf here.
Double-check the configuration. Be sure that you used TABs to delimit the parts from each line.

Horia.
Best regards from Romania,
Horia.
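
The two syslog.conf checks requested in the replies above (rules delimited by TABs, and a rule that selects the debug priority), as an added shell example that is not part of any post in this thread. The function names are hypothetical, and it assumes the traditional "selector<TAB>action" rule format.

```shell
#!/bin/sh
# Added example: lint a syslog.conf-style file for the two things the
# debugging steps in this thread depend on. Function names are hypothetical.

# Report rules whose selector and action are not separated by TAB characters.
# Returns 0 when every rule is tab-delimited, 1 otherwise.
check_tabs() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $0 !~ /^[^ \t]+\t+[^ \t]/ {        # selector, TAB(s), then action
            printf "line %d: no TAB between selector and action: %s\n", NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Print the action (log target) of every tab-delimited rule that selects the
# debug priority. "debug" is the lowest syslog priority, so only selectors
# naming ".debug" receive LOG_DEBUG messages.
debug_targets() {
    awk -F '\t+' '
        /^[ \t]*(#|$)/ { next }
        NF >= 2 && $1 ~ /\.debug/ { print $2 }
    ' "$1"
}

# Usage: sh lint_syslog_conf.sh /etc/syslog.conf
if [ -n "${1:-}" ]; then
    check_tabs "$1"
    debug_targets "$1"
fi
```

If debug_targets prints nothing, no rule in the file will receive the PAM "debug" output, whatever is set in /etc/pam.conf.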