- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: pam_authenticate with correct password doesn't...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-31-2010 07:10 PM
тАО01-31-2010 07:10 PM
pam_authenticate with correct password doesn't reset the number of login tries with wrong password
I set AUTH_MAXTRIES=7 in /etc/default/security. I use pam_authenticate() in the application to check account authentication.
1) I did 6 login tries (by pam_authenticate) with wrong password, and then 1 try with correct password.
2) Then I did another 2 tries with wrong password, the account is disabled.
So the problem is that the correct login cannot reset the number of tries with wrong password.
Btw, if I use telnet, after 6 wrong password + 1 correct passwork + 2 wrong password, the account is not disabled.
OS: HP-UX B.11.31
Can anyone know this problem and help? Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-31-2010 10:35 PM
тАО01-31-2010 10:35 PM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
You could initiate a debug on the session management component and on authentication component. This is done by adding "debug" option at the end of the corresponding line from /etc/pam.conf.
Debugging info can be found in syslog, LOG_DEBUG level.
Best regards
Horia.
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 12:39 AM
тАО02-08-2010 12:39 AM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
Thanks for your advice.
After adding "debug" option at the end of the corresponding line from /etc/pam.conf, we don't find LOG_DEBUG info in syslog file. Do we need to restart any application or do anything else?
Regards
Yu Ping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 01:18 AM
тАО02-08-2010 01:18 AM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
Edit /etc/syslog.conf and add the line:
*.debug /var/adm/syslog/debug.log
Save the file and exit vi.
Restart the syslogd server:
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
Check the file:
/var/adm/syslog/debug.log
For debug messages from your system (all debug info would go there in that file)
Horia.
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 06:22 PM
тАО02-08-2010 06:22 PM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
I have followed the steps you provided, but there is no /var/adm/syslog/debug.log exist.
Please advise. Thank you.
Regards
Yu Ping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 11:27 PM
тАО02-08-2010 11:27 PM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
/var/adm/syslog/syslog.log ?
You should check for new messages in this file.
Check if syslogd is running:
ps -ae |grep syslogd
Horia.
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2010 01:32 AM
тАО02-09-2010 01:32 AM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
I have checked the syslog.log file, but no useful info:
# cat /var/adm/syslog/syslog.log
Feb 9 15:00:42 HELIKE12 syslogd: restart
Feb 9 15:00:42 HELIKE12 syslogd: the kernel messages are already disabled: No such device or address
Feb 9 15:03:12 HELIKE12 sshd[8628]: SSH: Server;LType: Throughput;Remote: 10.0.127.33-47570;IN: 26928;OUT: 10784;Duration: 550.2;tPut_in: 48.9;tPut_out: 19.6
Feb 9 15:03:44 HELIKE12 ftpd[8657]: FTP session closed
Feb 9 15:04:25 HELIKE12 sshd[8842]: SSH: Server;Ltype: Version;Remote: 10.0.127.33-47939;Protocol: 1.99;Client: 3.2.9 SSH Secure Shell for Windows
Feb 9 15:04:32 HELIKE12 sshd[8842]: error: PAM: Authentication failed for root from 10.0.127.33
Feb 9 15:04:35 HELIKE12 sshd[8842]: Accepted password for root from 10.0.127.33 port 47939 ssh2
#
the syslogd server is running:
# ps -ae | grep syslogd
8775 ? 0:00 syslogd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2010 02:06 AM
тАО02-09-2010 02:06 AM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
wpa-pl-wpaframework-10000
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2010 02:07 AM
тАО02-09-2010 02:07 AM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
ps -ex |grep syslogd
should return no lines.
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2010 02:07 AM
тАО02-09-2010 02:07 AM
Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password
Please copy&paste /etc/syslog.conf here.
Double-check the configuration. Be sure that you used TABs to delimit the parts from each line.
Horia.
Horia.