Hi folks,

I am trying to harden a production system running rhel 5.4
My problem is with pam_tally2.I want pam_tally2 to lockout almos all users
after 3 failled attempts,i can do that easilly with deny=3.My problem
is that for some users or for a specific group i want pam_tally2 not to lock
their accounts not matter how many attempts they trie,to prevent a denial
of service attack.Any idea on how to do this,

Much appreciated

p.s seems that the per_user option is not working as expected,meaning
that even if i setup a faillog -m 0 username pam_tally2 overwrites that
every time i login with m=3 for all users,perhaps i am missing something here.