pam_faillock prints "Consecutive login failures for user root account temporarily locked" without even_deny_root

Solution Verified - Updated -

Issue

pam_faillock prints Consecutive login failures for user root account temporarily locked without even_deny_root option

  • pam_faillock/faillock.conf contains default configuration. e.g. both even_deny_root and root_unlock_time are commented out. root account should not be locked for failed login attempts.

  • However, when root deliberately authenticate with incorrect password, below error message is logged in /var/log/secure although the account is not actually locked.

    pam_faillock(su-l:auth): Consecutive login failures for user root account temporarily locked

  • After this error message is recorded in /var/log/secure, root is able to login successfully with correct password.

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
    • PAM

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content