pam_tally2 not resetting counter automatically.

Solution Unverified - Updated -


Currently We have the following entries in password-auth and system-auth to lock an account after 6 failures and clear the pam_tally2 records after 3600 seconds, however, it does not appear to be clearing them as expected.

auth    required   onerr=fail deny=6 unlock_time=3600
account required   reset

For example:

  • Make sure the counter is set to zero
  • Attempt deny number of logins using wrong password, so the account is locked.
  • Wait for unlock_time
  • check the counter using pam_tally2, it shows the number of failures instead of zero.


  • Red Hat Enterprise Linux 5/6
  • pam_tally2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In