pam_tally2 not resetting counter automatically.

Solution Unverified - Updated -

Issue

Currently we have the following entries in password-auth and system-auth to lock an account after 6 failures and clear the pam_tally2 records after 3600 seconds; however, it does not appear to be clearing them as expected.

auth    required        pam_tally2.so   onerr=fail deny=6 unlock_time=3600
account required        pam_tally2.so   reset

For example:

  • Make sure the counter is set to zero.
  • Attempt the deny number of logins using a wrong password, so that the account is locked.
  • Wait for unlock_time.
  • Check the counter using pam_tally2; it shows the number of failures instead of zero.

Environment

  • Red Hat Enterprise Linux 5/6
  • pam_tally2
