HPE Community
Operating System - Linux
1826268 Members
3780 Online
109692 Solutions
New Discussion

Linux user account

 
SOLVED
Go to solution
jitjose
Advisor

‎08-06-2012 03:12 AM

‎08-06-2012 03:12 AM

Linux user account

hi friends,

Need help in locking an Linux user account after three failed logins. The server is RHEL, and i tried the PAM settings, but doesn't seem to work with RHEL. The Linux accounts are configured to login using ssh authentication.

If somebody can help me on this, I would really appreciate it.

Thanks.

0 Kudos
Reply
1 REPLY 1
Matti_Kurkela
Honored Contributor

‎08-06-2012 07:38 AM

‎08-06-2012 07:38 AM

Solution

Re: Linux user account

Which version of RHEL? ("cat /etc/redhat-release" please)

 

Depending on the version, the PAM module you'll need is either pam_tally.so or pam_tally2.so.

 

You must add the tally module to both "auth" and "account" phases in the PAM configuration: the "auth" phase increments the user's login count and rejects the login if the count is too high, the "account" phase resets the counter when a login is successful.

 

The ordering of PAM configuration entries is important and non-trivial. The RedHat Knowledge Base has several articles on configuring pam_tally:

 

Recommended configuration with pam_tally2:

https://access.redhat.com/knowledge/solutions/37687

 

With some versions (using the older pam_tally) the count may be wrong when using SSH (my guess: an attempt to use SSH key authentication may count as one login attempt?):

https://access.redhat.com/knowledge/solutions/67401

 

When the number of failed logins causes the login to be rejected, the message in the system logs may not be obvious, as with sudo:

https://access.redhat.com/knowledge/solutions/43006

MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.