pam_tally logs: Tally underflowed for user root

Solution Verified - Updated -


  • outputs '..Tally underflowed for user..'


  • Red Hat Enterprise Linux 5

  • pam-

  • The following configuration on /etc/pam.d/system-auth

    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required
    auth        required deny=6 onerr=fail even_deny_root_account
    #auth        sufficient nullok try_first_pass
    auth        required nullok try_first_pass
    #auth        requisite uid >= 500 quiet
    #auth        required
    account     required
    account     required
    account     sufficient uid < 500 quiet
    account     required
    password    requisite try_first_pass retry=3
    password    sufficient md5 shadow nullok try_first_pass use_authtok
    password    required
    session     optional revoke
    session     required
    session     [success=1 default=ignore] service in crond quiet use_uid
    session     required
  • The following for /etc/pamd/vsftpd

    session    optional    force revoke
    auth       required item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    auth       required
    auth       include      system-auth
    account    include      system-auth
    session    include      system-auth
    session    required

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.