Originally Posted by jayakrishnan
faillog command doesnt allow u to set for how much time the account will be disabled , u can only set the number of failed logins before the account is locked
Firstly I used the faillog command to set all the user max 0, lock time 0
faillog -a -m 0 -l 0
then i set the /etc/pam.d/login
#auth required pam_securetty.so
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
account required pam_tally.so deny=2 lock_time=180 no_magic_root
password required pam_cracklib.so
password required pam_pwdb.so shadow nullok use_authtok
session required pam_pwdb.so
but it does not work.
i don't know why?
i will try it again, someone could give me advice?