[sudo-users] Sudo on RHEL6 and pam_tally2
Todd C. Miller
Todd.Miller at courtesan.com
Wed Apr 27 09:37:29 EDT 2011

On Wed, 27 Apr 2011 09:20:15 EDT, "Todd C. Miller" wrote:
> Newer versions of sudo wait until the command is complete before
> closing the PAM session whereas before sudo would close the session
> and then execute the program. I suspect it is this change that
> fixed pam_tally2.

Hmm, actually, I'm not able to reproduce the problem with sudo
1.7.2p2, either built from source or via the RHEL6 rpm. The following
is using the RHEL6 rpm with this line in /etc/pam.d/sudo:

    auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200

rh6 [~] % sudo -V
Sudo version 1.7.2p2
rh6 [~] % sudo pam_tally2 -u millert
Login Failures Latest failure From
millert 10 04/27/11 09:32:47 rh6
rh6 [~] % sudo -k
rh6 [~] % sudo id
[sudo] password for millert:
Sorry, try again.
[sudo] password for millert:
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
rh6 [~] % sudo pam_tally2 -u millert
Login Failures Latest failure From
millert 11 04/27/11 09:34:05 rh6
rh6 [~] % sudo -k
rh6 [~] % sudo id
[sudo] password for millert:
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
rh6 [~] % sudo pam_tally2 -u millert
Login Failures Latest failure From
millert 11 04/27/11 09:34:05 rh6
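
Added example, not part of the original message: the comparison the transcript makes by eye, scripted. It parses two pam_tally2 captures and checks that the failure counter moved by exactly the number of wrong passwords typed in between. The function names and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample pam_tally2 output below is constructed, modelled on
# the transcript in the message; function names are hypothetical.

# tally_count USER: read `pam_tally2 -u USER` output on stdin, print the
# Failures column of USER's row. Exit status 1 if there is no such row.
tally_count() {
    awk -v u="$1" '
        $1 == u && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# check_tally USER BEFORE AFTER BAD
# BEFORE and AFTER are captured pam_tally2 outputs, BAD is the number of
# wrong passwords typed between the two captures.
# Returns 0 if the counter moved by exactly BAD, 1 if not, 2 on parse error.
check_tally() {
    before=$(printf '%s\n' "$2" | tally_count "$1") || { echo "no row for $1"; return 2; }
    after=$(printf '%s\n' "$3" | tally_count "$1") || { echo "no row for $1"; return 2; }
    delta=$((after - before))
    if [ "$delta" -eq "$4" ]; then
        echo "ok delta=$delta"
    else
        echo "mismatch delta=$delta expected=$4"
        return 1
    fi
}

SAMPLE_10='Login Failures Latest failure From
millert 10 04/27/11 09:32:47 rh6'
SAMPLE_11='Login Failures Latest failure From
millert 11 04/27/11 09:34:05 rh6'

# One wrong password between the captures: counter should go up by one.
check_tally millert "$SAMPLE_10" "$SAMPLE_11" 1
# No wrong password: counter should not move.
check_tally millert "$SAMPLE_11" "$SAMPLE_11" 0
```

On a live system the two captures would come from `sudo pam_tally2 -u millert` run before and after the `sudo -k` / `sudo id` step, as in the transcript.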