Account lock after failed login attempts
I'm new to these forums and this is my first post.
I'm trying to lock an account after a number of failed login attempts on RHEL5. This is the relevant configuration in /etc/pam.d/system-auth:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
# added to limit number of unsuccessful login attempts
auth required pam_tally.so onerr=fail deny=3 lock_time=4
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
account required pam_tally.so
In the logs I can see how the count of failed logins increases and exceeds my deny option, but the account isn't locked:
pam_tally(sshd:auth): user user (503) tally 4, deny 3
pam_tally(sshd:auth): user user (503) tally 5, deny 3
Do I need any other option in the PAM file? Is there any other way to lock an account?
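As an added example (not part of any post in this thread, and not Linux-PAM's own code): a simplified Python model of how the `required`, `requisite` and `sufficient` control flags are evaluated, run over the auth lines posted above. It shows that a correct password makes the `sufficient` pam_unix.so line end the stack before pam_tally.so is consulted, and that moving pam_tally.so ahead of pam_unix.so makes the deny limit take effect; the reordering and all function names are assumptions of this example.

```python
# Constructed sample: the auth lines from the post above.
POSTED = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
auth required pam_tally.so onerr=fail deny=3 lock_time=4
"""

def parse_auth(text):
    """Return [(control, module)] for the auth lines of a PAM file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2]))
    return stack

def run_auth(stack, failing):
    """Simplified model of required/requisite/sufficient evaluation.
    `failing` names the modules that return failure; the rest succeed.
    Returns (modules_invoked, authenticated)."""
    invoked, required_failed = [], False
    for control, module in stack:
        invoked.append(module)
        ok = module not in failing
        if control == "sufficient":
            if ok and not required_failed:
                return invoked, True      # stack stops here
        elif not ok:
            if control == "requisite":
                return invoked, False     # immediate failure
            required_failed = True        # 'required': keep going, fail at end
    return invoked, not required_failed

def tally_first(stack):
    """Hypothetical reordering: pam_tally.so moved ahead of pam_unix.so."""
    tally = [e for e in stack if e[1] == "pam_tally.so"]
    rest = [e for e in stack if e[1] != "pam_tally.so"]
    i = [m for _, m in rest].index("pam_unix.so")
    return rest[:i] + tally + rest[i:]

# Correct password while the tally is already over deny=3:
# pam_unix.so succeeds, pam_tally.so would refuse, pam_deny.so always fails.
OVER_LIMIT_GOOD_PW = {"pam_tally.so", "pam_deny.so"}

if __name__ == "__main__":
    posted = parse_auth(POSTED)
    for label, stack in (("posted", posted), ("tally first", tally_first(posted))):
        invoked, ok = run_auth(stack, OVER_LIMIT_GOOD_PW)
        print(f"{label}: invoked={invoked} authenticated={ok}")
```

With a wrong password the posted stack does reach pam_tally.so, which matches the log lines above where the tally keeps rising.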
might help. Your best bet for RedHat Enterprise 5 answers would be RedHat support. You're paying for access with your RedHat subscription.
I will try those links and the RedHat support.
This works for me.
I think fail2ban will make your life much easier. It does exactly what you are trying to do: ban an account (or IP) after a set number of failed logins. HTH
Hi, thanks Tanveer, your solution also works for me. Thanks a ton.