[X-Newbies] Is This List Dead?

[Chris]

On 7/10/06 W Lane wrote:
>I would not say dead, but rather quiet.

OK then, I'll try to liven it up :-)

Can anyone tell me anything about PAM authentication?  Basically what I
want to do  is set out below (there may be spurious line endings - I'm
not sure), to keep out SSH hackers.   Presumably if I'm going to allow
(say) 4 failed attempts, the line should read:
file=/var/log/faillog deny=3 no_magic_root even_deny_root_account 

Also I'm not sure how to set up a Cron job.  

One thing I have noted is that there does not seem to be a /etc/pam.d/
system-auth file in the desktop version of OSX so it may be this is not
doable.

Place:

auth required /lib/security/$ISA/pam_tally.so no_magic_root 
onerr=fail 
account    required      /lib/security/$ISA/pam_tally.so onerr=fail 
file=/var/log/faillog deny=1 no_magic_root even_deny_root_account 

in my /etc/pam.d/system-auth file. That kills login if you type a bad
password just 
twice. I reset it with a cron job every hour during the day when I'm
working in case I 
screw up twice (" /sbin/pam_tally --reset") but not at night. 

cheers,

Chris