pam_tally2 not resetting counter automatically.
Issue
Currently, we have the following entries in password-auth and system-auth to lock an account after 6 failures and clear the pam_tally2 records after 3600 seconds. However, the records do not appear to be cleared as expected.
auth required pam_tally2.so onerr=fail deny=6 unlock_time=3600
account required pam_tally2.so reset
For example:
- Make sure the counter is set to zero.
- Attempt deny number of logins using the wrong password, so the account is locked.
- Wait for unlock_time.
- Check the counter using pam_tally2; it shows the number of failures instead of zero.
Environment
- Red Hat Enterprise Linux 5/6
- pam_tally2