pam_tally2 does not lock account after the number of failed attempts.

Hi,

I am trying to implement user lockout after a certain number of failed login attempts in RH5.6. Here are the contents of the system-auth file.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root

account     required      /lib/security/$ISA/pam_unix.so
account     required      /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 difok=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=8
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

After 3 failed attempts, if I type the right password, the system allows the user to log in and resets the failure count.

Sree
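
In Linux-PAM, a `sufficient` module that succeeds (with no earlier `required` failure) ends its stack immediately, so modules listed after it are not called when the password is correct. The following is an added example, not part of the original post: a small Python check that flags failure-counter modules placed after a `sufficient` line in the same stack. The function names, the module list and the reordered sample are assumptions made for illustration.

```python
import re

# Assumption: module names this check treats as login-failure counters.
LOCKOUT_MODULES = {"pam_tally", "pam_tally2", "pam_faillock"}

# type, control (simple word or [bracketed] form), module path, optional args
RULE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Yield (lineno, type, control, module_name, args) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m:
            mtype, control, path, args = m.groups()
            name = re.sub(r"\.so$", "", path.rsplit("/", 1)[-1])
            yield lineno, mtype.lstrip("-"), control, name, args.split()

def skipped_lockout(text):
    """Return (lineno, type, module, blocker) for every lockout module that
    follows a `sufficient` line of the same type, i.e. one that is never
    called when the earlier module succeeds."""
    findings, first_sufficient = [], {}
    for lineno, mtype, control, name, _args in parse_pam(text):
        if name in LOCKOUT_MODULES and mtype in first_sufficient:
            findings.append((lineno, mtype, name, first_sufficient[mtype]))
        if control == "sufficient":
            first_sufficient.setdefault(mtype, name)
    return findings

# auth and account lines as posted above (wrapped lines rejoined)
POSTED = """\
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account     required      /lib/security/$ISA/pam_unix.so
account     required      /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset
"""
# Constructed variant: same auth lines, counter moved ahead of `sufficient`.
lines = POSTED.splitlines()
REORDERED = "\n".join([lines[0], lines[3], lines[1], lines[2]] + lines[4:])

if __name__ == "__main__":
    for lineno, mtype, mod, blocker in skipped_lockout(POSTED):
        print(f"line {lineno}: {mtype} {mod} follows sufficient {blocker}")
```

The check only looks at ordering within one file; it does not follow `include` lines or evaluate bracketed control expressions.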

Responses