- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- User does not locked
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2013 03:19 AM
06-25-2013 03:19 AM
User does not locked
I have this configuration on the server:
# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_tally2.so deny=3 onerr=fail
auth sufficient pam_unix.so try_first_pass
auth required pam_deny.so
account required pam_unix.so
account required pam_tally2.so
account required pam_permit.so
password required pam_cracklib.so retry=3 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=8
password sufficient pam_unix.so md5 shadow try_first_pass use_authtok remember=10
password required pam_deny.so
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
session required pam_unix.so
With: Red Hat Enterprise Linux Server release 5.8
In this configuration with deny=3, when one user put 3 wrong passwd the user locked.
It it possible to do that one user doesn't locked if they put 3 wrongs passwd?
How I do it?
Thanks a lot of!
Carmen.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2013 10:07 PM
06-25-2013 10:07 PM
Re: User does not locked
Your configuration actually already has a good example in it:
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
This line will skip the next rule if the pam_succeed_if.so conditions match, otherwise it will do nothing.
So add a line just before the "auth ... pam_tally2.so" line, like this:
[...] auth [success=1 default=ignore] pam_succeed_if.so user in someuser quiet auth required pam_tally2.so deny=3 onerr=fail [...]
If you need to exclude more than one user from pam_tally2 processing, you can use a colon-separated list of usernames,
like this: "...pam_succeed_if.so user in user1:user2:user3".
Or you can create a group (for example "nolock") and set the pam_succeed_if condition like this: "... pam_succeed_if.so user ingroup nolock". Then add the users that should not be locked by pam_tally2 to the "nolock" group.