Do you want to limit “attempts” to log in to the system, or the “number of logins” per user at a time? The former is usually set up in the firewall, while the latter is in “limits.conf”.
First of all, please provide complete information, like which OS you are using.
Depending on the distribution,
In my case:
go to /etc/pam.d/system-auth
append:
auth required pam_tally.so onerr=fail deny=5 unlock_time=21600
Where,
(a) deny=5 - Deny access if tally for this user exceeds 5 times.
(b) unlock_time=21600 - Allow access after 21600 seconds (6 hours) after failed attempt. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator.
(c) onerr=fail - If something weird happens (like unable to open the file), return with PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM error code.
Try in your OS and let us know.
Last edited by Satyaveer Arya; 02-27-2012 at 07:22 AM.
Just a note for anyone using Fedora 16 who wants to attempt the same thing: modify the line to use pam_tally2.so
"auth required pam_tally2.so onerr=fail deny=5 unlock_time=21600"
To show login attempts use:
pam_tally2 --user admin
To reset locked account use:
pam_tally2 --user admin --reset
Last edited by cwilliams6419; 02-28-2012 at 10:43 PM.
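A way to check the result of the edits described in the posts above, as an added example that is not part of the original thread: the function `audit_tally` (a hypothetical name) reads a PAM service file, reports the `deny`, `unlock_time` and `onerr` values on the first pam_tally/pam_tally2 auth line, and says whether that line sits ahead of pam_unix.so. Treating "ahead of pam_unix.so" as the expected position is an assumption taken from the example in the pam_tally2 man page, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a PAM service file for the lockout line discussed above.
# audit_tally FILE prints one summary line; returns 1 when no tally line exists.
audit_tally() {
    awk '
        { gsub(/\[[^]]*\]/, "CTL") }    # collapse [value=action ...] controls into one field
        $1 == "auth" && $3 ~ /pam_unix\.so$/ && !unix { unix = NR }
        $1 == "auth" && $3 ~ /pam_tally2?\.so$/ && !tally {
            tally = NR; module = $3; deny = "unset"; unlock = "unset"; onerr = "unset"
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^deny=/)        deny   = substr($i, 6)
                if ($i ~ /^unlock_time=/) unlock = substr($i, 13)
                if ($i ~ /^onerr=/)       onerr  = substr($i, 7)
            }
        }
        END {
            if (!tally) { print "no pam_tally/pam_tally2 line in auth stack"; exit 1 }
            # Assumption: the tally line is expected before pam_unix.so in the auth stack.
            before = (unix && tally > unix) ? "no" : "yes"
            printf "module=%s deny=%s unlock_time=%s onerr=%s before_unix=%s\n",
                   module, deny, unlock, onerr, before
        }
    ' "$1"
}

# Constructed sample files (not taken from any real system).
appended=$(mktemp); placed_first=$(mktemp)
trap 'rm -f "$appended" "$placed_first"' EXIT
cat > "$appended" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
auth        required      pam_tally2.so onerr=fail deny=5 unlock_time=21600
EOF
cat > "$placed_first" <<'EOF'
auth        required      pam_env.so
auth        required      pam_tally2.so onerr=fail deny=5 unlock_time=21600
auth        [success=1 default=ignore] pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
EOF

audit_tally "$appended"       # line was appended at the end of the file
audit_tally "$placed_first"   # line was placed ahead of pam_unix.so
```

On a real system the argument would be the file named in the thread, for example `audit_tally /etc/pam.d/system-auth`.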