pam_tally2 not resetting counter automatically.
Issue
Currently We have the following entries in password-auth and system-auth to lock an account after 6 failures and clear the pam_tally2 records after 3600 seconds, however, it does not appear to be clearing them as expected.
auth required pam_tally2.so onerr=fail deny=6 unlock_time=3600
account required pam_tally2.so reset
For example:
- Make sure the counter is set to zero
- Attempt
denynumber of logins using wrong password, so the account is locked. - Wait for unlock_time
- check the counter using pam_tally2, it shows the number of failures instead of zero.
Environment
- Red Hat Enterprise Linux 5/6
- pam_tally2
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
