pam_tally2 not resetting counter automatically.

Solution Unverified - Updated -

Issue

Currently, we have the following entries in password-auth and system-auth to lock an account after 6 failures and clear the pam_tally2 records after 3600 seconds. However, the records do not appear to be cleared as expected.

auth    required        pam_tally2.so   onerr=fail deny=6 unlock_time=3600
account required        pam_tally2.so   reset

For example:

  • Make sure the counter is set to zero.
  • Attempt the deny number of logins using a wrong password, so that the account is locked.
  • Wait for unlock_time to elapse.
  • Check the counter using pam_tally2; it shows the number of failures instead of zero.

Environment

  • Red Hat Enterprise Linux 5/6
  • pam_tally2
