pam_tally logs: Tally underflowed for user root

Solution Verified - Updated -


  • outputs '..Tally underflowed for user..'


  • Red Hat Enterprise Linux 5

  • pam-

  • The following configuration on /etc/pam.d/system-auth

    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required
    auth        required deny=6 onerr=fail even_deny_root_account
    #auth        sufficient nullok try_first_pass
    auth        required nullok try_first_pass
    #auth        requisite uid >= 500 quiet
    #auth        required
    account     required
    account     required
    account     sufficient uid < 500 quiet
    account     required
    password    requisite try_first_pass retry=3
    password    sufficient md5 shadow nullok try_first_pass use_authtok
    password    required
    session     optional revoke
    session     required
    session     [success=1 default=ignore] service in crond quiet use_uid
    session     required
  • The following for /etc/pamd/vsftpd

    session    optional    force revoke
    auth       required item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    auth       required
    auth       include      system-auth
    account    include      system-auth
    session    include      system-auth
    session    required

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In