Skip to navigation

pam_tally logs: Tally underflowed for user root

Updated 2013-12-20T03:29:57+00:00

Issue

  • pam_tally.so outputs '..Tally underflowed for user..'

Environment

  • Red Hat Enterprise Linux 5

  • pam-0.99.6.2-4.el5

  • The following configuration on /etc/pam.d/system-auth

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        required      pam_tally.so deny=6 onerr=fail even_deny_root_account
    #auth        sufficient    pam_unix.so nullok try_first_pass
    auth        required    pam_unix.so nullok try_first_pass
    #auth        requisite     pam_succeed_if.so uid >= 500 quiet
    #auth        required      pam_deny.so
    
    account     required      pam_tally.so
    account     required      pam_unix.so
    account     sufficient    pam_succeed_if.so uid < 500 quiet
    account     required      pam_permit.so
    
    password    requisite     pam_cracklib.so try_first_pass retry=3
    password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
    password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    
  • The following for /etc/pamd/vsftpd

    #%PAM-1.0
    session    optional     pam_keyinit.so    force revoke
    auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    auth       required     pam_shells.so
    auth       include      system-auth
    account    include      system-auth
    session    include      system-auth
    session    required     pam_loginuid.so
    

Subscriber content preview. For full access to the Red Hat Knowledgebase, please log in.

Not a subscriber? Learn more about the benefits of Red Hat Subscriptions.