cancel
Showing results for 
Search instead for 
Did you mean: 

Linux user account

SOLVED
Go to solution
jitjose
Advisor

Linux user account

hi friends,

Need help in locking an Linux user account after three failed logins. The server is RHEL, and i tried the PAM settings, but doesn't seem to work with RHEL. The Linux accounts are configured to login using ssh authentication.

If somebody can help me on this, I would really appreciate it.

Thanks.

1 REPLY
Matti_Kurkela
Honored Contributor
Solution

Re: Linux user account

Which version of RHEL? ("cat /etc/redhat-release" please)

 

Depending on the version, the PAM module you'll need is either pam_tally.so or pam_tally2.so.

 

You must add the tally module to both "auth" and "account" phases in the PAM configuration: the "auth" phase increments the user's login count and rejects the login if the count is too high, the "account" phase resets the counter when a login is successful.

 

The ordering of PAM configuration entries is important and non-trivial. The RedHat Knowledge Base has several articles on configuring pam_tally:

 

Recommended configuration with pam_tally2:

https://access.redhat.com/knowledge/solutions/37687

 

With some versions (using the older pam_tally) the count may be wrong when using SSH (my guess: an attempt to use SSH key authentication may count as one login attempt?):

https://access.redhat.com/knowledge/solutions/67401

 

When the number of failed logins causes the login to be rejected, the message in the system logs may not be obvious, as with sudo:

https://access.redhat.com/knowledge/solutions/43006

MK