When pam_tally is used, a valid authentication through sudo still generates a failed login for faillog

Solution Unverified - Updated -

Issue

  • pam_tally functionality is not working correctly with sudo.
  • When pam_tally is used, a valid authentication through sudo still generates a failed login for faillog.

  • Configure /etc/pam.d/system-auth to lock out a user after 5 failed login attempts, as below:

    auth        required      pam_tally.so onerr=fail deny=5

  • Now run sudo:

    # sudo pwd
    Password: *** <--- Enter the user's correct password.
    /home/test

  • The command issued to sudo DOES execute successfully, but it generates a failed login message in /var/log/secure:

    example.com sudo:     test : TTY=pts/4 ; PWD=/home/test ; USER=root ; COMMAND=/bin/pwd
    example.com sudo: pam_tally(sudo:setcred): Tally underflowed for user root

  • And faillog generates the following output:

    # faillog -u test
    Login       Failures Maximum Latest                   On
    test            1        0   01/25/10 13:03:01 +0530  /dev/pts/4
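
To find out which sudo invocations hit this symptom on a host, the two log lines shown above can be correlated. The script below is an added example, not part of the original article or of any Red Hat tooling; the function names, the syslog timestamp prefix and the extra sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: list sudo commands that
# succeeded but were followed by the pam_tally "Tally underflowed" message.

# Constructed sample in the article's log format. The syslog timestamps and
# the alice/bob lines are assumptions added for illustration.
sample_log() {
cat <<'EOF'
Jan 25 13:03:01 example.com sudo:     test : TTY=pts/4 ; PWD=/home/test ; USER=root ; COMMAND=/bin/pwd
Jan 25 13:03:01 example.com sudo: pam_tally(sudo:setcred): Tally underflowed for user root
Jan 25 13:05:12 example.com sudo:    alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls -l /root
Jan 25 13:06:40 example.com sshd[2211]: Failed password for bob from 192.0.2.10 port 4022 ssh2
EOF
}

# Reads a secure log from the named files or stdin and prints one line per hit:
#   <invoking user> <user named in the underflow message> <command>
# The lines carry no PID, so the match is by order: an underflow message is
# attributed to the most recent sudo COMMAND line before it.
find_tally_underflows() {
    awk '
    {
        # Locate the "sudo:" tag so lines with or without a timestamp work.
        s = 0
        for (i = 1; i <= NF; i++) if ($i == "sudo:") { s = i; break }
        if (s == 0) next
    }
    # Command record: "<user> : TTY=... ; USER=<target> ; COMMAND=<cmd>"
    $(s + 2) == ":" && /COMMAND=/ {
        user = $(s + 1)
        cmd = $0
        sub(/.*COMMAND=/, "", cmd)
        pending = 1
        next
    }
    # Symptom record logged by pam_tally during the sudo setcred phase.
    pending && $(s + 1) == "pam_tally(sudo:setcred):" && /Tally underflowed for user/ {
        print user, $NF, cmd
        pending = 0
    }
    ' "$@"
}

sample_log | find_tally_underflows
```

Run it as find_tally_underflows /var/log/secure, then compare each reported invoking user against the output of faillog -u for that user.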

Environment

  • Red Hat Enterprise Linux 5.4
  • sudo-1.6.9p17-5.el5
  • pam-0.99.6.2-6.el5
