Currently We have the following entries in
password-auth and system-auth to lock an account after 6 failures and clear the pam_tally2 records after 3600 seconds, however, it does not appear to be clearing them as expected.
auth required pam_tally2.so onerr=fail deny=6 unlock_time=3600 account required pam_tally2.so reset
- Make sure the counter is set to zero
denynumber of logins using wrong password, so the account is locked.
- Wait for unlock_time
- check the counter using pam_tally2, it shows the number of failures instead of zero.
- Red Hat Enterprise Linux 5/6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.