using pam_tally2 with dovecot

I recently configured some RHEL4 systems to use pam_tally2 to lock an account temporarily after several unsuccessful logins. This seems to work fine just by adding it to the "auth" section:

auth        required      /lib/security/$ISA/pam_tally2.so deny=5 unlock_time=900

However, I later found that if you're running dovecot (version 0.99.11-9 -- maybe it's been fixed since then), it doesn't reset the tally on a successful login; i.e. it does not call pam_setcred. So, if the user is only logging in via dovecot, and they are checking mail at an interval less than your reset time, eventually the account will get locked out!

To fix this, you have to call pam_tally2 in the "account" section to reset the tally. You can do this in either the "system-auth" file, or in the "dovecot" file:

account    required     /lib/security/$ISA/pam_tally2.so

Setting up a Linux system with a 3.5TB disk

As mentioned in my last post, I have this remote linux system with 3.5TB of disk, but broken into two LVMs. I want most of the storage to be in one big disk.


Today I had my remote monkey put the RHEL4 WS DVD in the machine and rebooted it. I entered the RAID BIOS (Dell PERC 5/i) to delete the existing virtual disks. I then created two new virtual disks -- one of 250GB for the OS, and one of the remaining 3.4TB for the data.

I booted from the RHEL DVD and entered "rescue" mode, because anaconda does not support making GPT disks. Then I entered

parted /dev/sdb
mklabel gpt
mkpart primary 0 3571900M
quit

Then:

mkfs.ext3 /dev/sdb1

Making the EXT3 FS took about 22 minutes.

That's mostly it! I rebooted and ran anaconda this time, setting up LVM on /dev/sda (except /boot, of course). I left /dev/sdb alone.