Bug: Once you perform the below users are warned of a minimum of one failed login, even though no failed logins occurred. Everyone (but root) reports on the screen at least one failed login however, when an actual failed login occurs the system reports it correctly and increases the number of failed logins from that point. Resolution
•Add the below lines to /etc/pam.d/gdm-password file.
session required pam_lastlog.so showfailed
session optional pam_exec.so /bin/sleep 9
•For example :
Raw
# cat /etc/pam.d/gdm-password
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth substack password-auth
auth optional pam_gnome_keyring.so
account required pam_nologin.so
account include password-auth
password substack password-auth
password optional pam_gnome_keyring.so
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session optional pam_gnome_keyring.so auto_start
session include password-auth
session required pam_lastlog.so showfailed <----=========
session optional pam_exec.so /bin/sleep 9 <----========= [Added these 2 lines]
What I did to correct issue:
Force log rotation, logrotate –vf /etc/logrotate.conf (read screen to determine if it’s necessary to rename any archived wtmp and btmp logged files)
Modified /etc/pam.d/gdm-password to include two other values, see below:
session required pam_lastlog.so nowtmp silent showfailed
For details on the RHEL Bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1021108
and
https://bugzilla.redhat.com/show_bug.cgi?id=1047077
Afterwards, from the GUI drop down, System > Administration > Authentication – select TAB Advance Options; uncheck Enable Fingerprint Reader Support. When you change this one time all settings will apply to all users.
After performing the above steps, reboot may be necessary.
Using entry pam_lastlog.so showfailed in password-auth or system-auth
