Hi, i had recently installed installed pam_0.79 on suse 8.2. The system default
version was pam o.77-38. The reason i upgrade to 0.79 is because it has "unlock
_time" function in the pam_tally.so. Therefore i added the following line to my
/etc/pam.d/login file:

auth required pam_tally.so deny=2 unlock_time=20

It works fine except on my very first successful login attempt, it prompt that i
had 1 failure login previously. If i had 1 failed login, it will reflect 2 fail
ed login instead and so on. After i checked my /var/log/messages, it prompt that
"tally underflowed". However, if i add a magic_root to the line:

auth required pam_tally.so deny=2 unlock_time=20 magic_root

the number of failed login becomes correct. However, the denying mechanism fails
. It won't deny me after 2 failed login anymore. That is to say, even i login 20
times with the wrong password on the same account, I am still able to login on
the next suceessful attempt.

Therefore below are the few questions I hope you may help me solve my queries:
1. Can I just download and install pam_0.79 on my suse 8.2 machine
2. Will it be compatible on Suse 8 or I had to uninstall my pam_0.77-38
3. Is my login file written correctly
4. Any idea where has gone wrong

Thank you assisting me!

Thank you