pam_tally2 not resetting counter automatically.

Issue

Currently We have the following entries in password-auth and system-auth to lock an account after 6 failures and clear the pam_tally2 records after 3600 seconds, however, it does not appear to be clearing them as expected.

auth    required        pam_tally2.so   onerr=fail deny=6 unlock_time=3600
account required        pam_tally2.so   reset

For example:

Make sure the counter is set to zero
Attempt deny number of logins using wrong password, so the account is locked.
Wait for unlock_time
check the counter using pam_tally2, it shows the number of failures instead of zero.

Environment

Red Hat Enterprise Linux 5/6
pam_tally2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Select Your Language

pam_tally2 not resetting counter automatically.

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links