Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi all, i want set login failure times, which enables admin to specify a maximum number of failed login attempts (n) and a penalty lockout time (x), such that after "n" failed login attempts a user is locked out for "x" seconds .
For example, the policy could dictate 3 failed attempts followed by a 180 second lockout penalty.
I set the policy uses pam Lib, but it still does not work now.
Please told me how to setting the /etc/pam.conf or /etc/pam.d/****
I am not sure about RH9, but CENTOS 4.2 contains a command called faillog which provides an option to lock out users after "max" failed login attempts.
I am not sure about RH9, but CENTOS 4.2 contains a command called faillog which provides an option to lock out users after "max" failed login attempts.
Mike
hi
I think, your information is valuable to me. Could you give me the detail information about the command. Thanks.
Last edited by CharlieCai; 05-31-2006 at 08:08 PM.
See
man faillog
although RH9 is a very very old version and may not have it. Also, you can't get security updates etc.
Recommend you move up to RH Fedora Core 5 (http://fedora.redhat.com/Download/) or grab a copy of Centos http://www.centos.org/ .
but i think the PAM is enough to set this, the parameters setting or sequences i setting is not OK. i will try it. if any one who enable this policy, could you let me reference the /etc/pam.d/login file.
faillog command doesnt allow u to set for how much time the account will be disabled , u can only set the number of failed logins before the account is locked
faillog command doesnt allow u to set for how much time the account will be disabled , u can only set the number of failed logins before the account is locked
Firstly I used the faillog command to set all the user max 0, lock time 0
faillog -a -m 0 -l 0
then i set the /etc/pam.d/login
Now I made it.
This is the /etc/pam.d/login.conf
# Charlie 2226.06.05
auth required pam_tally.so onerr=fail no_magic_root
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
Hi Charlie,
I have the same problem and I tried with your /etc/pam.d/login file, but it doesn't work for me, so I would like to know which version of pam are you using, and if you have modified the file /etc/pam.d/system-auth or any other file.
Hi Charlie,
I have the same problem and I tried with your /etc/pam.d/login file, but it doesn't work for me, so I would like to know which version of pam are you using, and if you have modified the file /etc/pam.d/system-auth or any other file.
Thanks in advance,
Angela
PS. I have RedHat 9.C with pam 0.75-48
I made a mistake in this.
I just can control the silent time that the lock the user in the configure as blow: but not close the session.
Code:
#%PAM-1.0
#this file is modify by Charlie.
#add start for silent time
auth required pam_tally.so deny=2 unlock_time=60 no_lock_time
#add end for silent time
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
#add start for silent time
account required pam_tally.so
#add end for silent time
account required pam_pwdb.so
password required pam_cracklib.so
password required pam_pwdb.so shadow nullok use_authtok
session required pam_pwdb.so
Now i am busy trying the shadow-4.0.16. It was just released at Jun 4. and add new function to contol the login session.
login.c of shadow-4.0.16 support /etc/login.defs.
It has two macro is useful for us.
LOGIN_RETRIES 3
LOGIN_TIMEOUT 20
It is all my work now.
if you get more progress, please let me know.
Thanks.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
