How to use pam_faillock in Red Hat Enterprise Linux 6 & 7 to lockout users due to successive failed login attempts

Solution Verified - Updated -

Issue

  • What is pam_faillock?
  • How to implement account lockout policy using pam_faillock.so?
  • How do I use pam_faillock in RHEL7?
  • pam_tally is deprecated in RHEL6, what can I use instead?
  • How do I reset/view failed login attempts for a user with faillock?
  • How can I exclude users from being locked out by pam_faillock?
  • Since faillog command (pam_tally) is not available in RHEL 6, how do I use pam_faillock instead?
  • pam_tally counter reset does not work correctly

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • PAM
  • pam_faillock.so

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content