So in digging through all this, I&#39;m finding a couple of things that either aren&#39;t working right or that will require alterations to my current configuration to comply.<div><br></div><div><div>Where do I ask the following questions? It seems that this group isn&#39;t the place, but my google-fu is coming up short.</div>

<div><br></div><div><div>auth pam_tally2 ... deny=5 </div></div><div>in /etc/pam.d/system_auth doesn&#39;t appear to reset if I successfully enter my password after a failure. Eventually I get locked out and the audit scripts do not appear to allow &quot;unlock=&quot;</div>

<div>What is the best practice for application of pam_tally2? </div><div><br></div><div>SRG requires no .forward files. I currently do some data processing on automated emails via procmail configured in .forward in a dedicated user. What is the best practice for configuring such?</div>

<div><br></div><div>Andrew</div></div><div><br></div>