- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- lock an user account
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2010 02:18 AM
тАО08-02-2010 02:18 AM
lock an user account
I have "Red Hat Enterprise Linux Server release 5.5 (Tikanga)" on an Itanium Machine.
I want to set user privilege such that when a user attempts certain amount of unsuccessful logins, his account gets locked.
Regards
Arun Jain
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2010 02:48 AM
тАО08-02-2010 02:48 AM
Re: lock an user account
For Command Base Configuration follow the below link for reference.
http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-log-failed-login.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2010 05:00 AM
тАО08-02-2010 05:00 AM
Re: lock an user account
and edit the below line
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root deny=3
this defines that when the user trying to login with unsuccessful logins for 3 times, user gets locked.
To unlock faillog -r -a
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-02-2010 09:11 AM
тАО08-02-2010 09:11 AM
Re: lock an user account
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2010 07:08 AM
тАО08-03-2010 07:08 AM
Re: lock an user account
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 11:25 AM
тАО08-04-2010 11:25 AM
Re: lock an user account
/var/log/faillog file were log gets generated.PAM Configuration to recored failed login attempts. Open /etc/pam.d/system-auth file:
[root@rac1 ishwar]# vi /etc/pam.d/system-auth
Append following 2 entry of pam_tally.so modules:
auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root lock_time=180
How to unlock the Lock Account
Syntax :-
/sbin/pam_tally: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]
[root@rac1 ishwar]# /sbin/pam_tally --user vivek --reset --quiet
How do I display all failed login attempts for user vivek?
[root@rac1 ishwar]# faillog -u vivek
Login Failures Maximum Latest On
vivek 3 0 12/19/07 14:12:53 -0600 64.11.xx.yy
Display faillog records for all users.
Use the -a option:
[root@rac1 ishwar]# faillog -a
How do I reset the counters of login failures?
The -r option can reset the counters of login failures or one record if used with the -u USERNAME option:
[root@rac1 ishwar]# faillog -r
[root@rac1 ishwar]# faillog -r -u vivek <-- only reset counter for vivek user
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 11:59 AM
тАО08-04-2010 11:59 AM
Re: lock an user account
To do this, you will need to write a shell script that checks output from lastb and issues a passwd -l
Or you can install a third party product like E-trust.
Or you can use a ldap/nis central login server that can be configured to this task.
Linux out of the box seems to just let bad logins go on, and on and on and on...etc
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com