Operating System - HP-UX
1748104 Members
4458 Online
108758 Solutions
New Discussion юеВ

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

 
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello Horia,

Please see attached file which contains pam.conf and command output. Is it useful for the problem troubleshooting?

Thank you.

Regards
Yu Ping
Horia Chirculescu
Honored Contributor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

It troubles me why you do not get the file: /var/adm/syslog/debug.log

This is why I suspected that you do have some problems on syslogd configuration. Re-check /etc/syslog.conf (do you really have this line:

*.debug /var/adm/syslog/debug.log

? You should use TABs between debug and /var
) .

Did you restarted properly the syslogd. Log off and then log in on another terminal. You should get something on debug.log file.

Horia.
Best regards from Romania,
Horia.
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hi Horia,

In my previous message, the attached file contains debug.log. Please check it.

Thank you.

Regards
Yu Ping
Horia Chirculescu
Honored Contributor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

According to:

http://docs.hp.com/en/B3921-60631/pam_hpsec.5.html

You must have installed the TrustedMigration product. This can be installed only on HP-UX 11iv2+ according to:

http://software.hp.com/portal/swdepot/displayInstallInfo.do?productNumber=StdModSecExt

So you should have HP-UX 11iv2 or v3 and you should have check if the product is installed:

swlist | grep TrustedMigration

Also, according to man security on v3:

http://docstore.mik.ua/manuals/hp-ux/en/B2355-60130/security.4.html

This attribute does not apply to trusted systems. So on trusted system this AUTH_MAXTRIES would not work.

Horia.
Best regards from Romania,
Horia.
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello Horia,

But AUTH_MAXTRIES works well for telnet. That means when customer tries to test telnet with wrong/correct password, AUTH_MAXTRIES works well.

Your comments please, thank you.

Regards
Yu Ping
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello Horia,

Do you have any ideas and advices? Thank you.

Regards
Yu Ping
Yu Ping
Occasional Advisor

Re: pam_authenticate with correct password doesn't reset the number of login tries with wrong password

Hello Horia,

Do you have the update of this problem? Thanks.

Regards
Yu Ping