# What are the effects of disabling pam tally?

## Philippe23

Recently, I've been getting hundreds of PAM Tally overflow for root in my logs:

 *Quote:*   

> Dec 17 18:40:16 localhost sshd[6174]: pam_tally2(sshd:auth): Tally overflowed for user root
> 
> Dec 17 18:40:28 localhost sshd[6189]: pam_tally2(sshd:auth): Tally overflowed for user root

 

I've been running "sudo pam_tally --file /var/log/tallylog --reset" to get rid of these warnings when they pop up, and they stay away for a little while.

I have "PermitRootLogin no" set in /etc/sshd_config, so I'm not too concerned about these specific lines.  I'm also running denyhosts to protect SSH, and fail2ban to protect other services (SMTP, POP, IMAP, etc).

Is there a way to disable tally?  Is it safe to do so?

Here's my /etc/pam.d/system-login for reference -- it's the only thing in /etc/pam.d/ that references tally.  (I've never modified it myself.)

 *Quote:*   

> auth            required        pam_tally2.so onerr=succeed
> 
> auth            required        pam_shells.so
> 
> auth            required        pam_nologin.so
> ...

 

----------

## charles17

Sorry, I cannot answer your question.  But do you really need pam at all? https://forums.gentoo.org/viewtopic-t-1000290-highlight-pam.html

----------

