05-31-2006, 02:16 AM
#1
LQ Newbie
Registered: May 2006
Posts: 7
How to set the login failure times?
Hi all, I want to set login failure times, which enables the admin to specify a maximum number of failed login attempts (n) and a penalty lockout time (x), such that after "n" failed login attempts a user is locked out for "x" seconds.
For example, the policy could dictate 3 failed attempts followed by a 180 second lockout penalty.
I set the policy using the PAM library, but it still does not work.
Please tell me how to set up /etc/pam.conf or /etc/pam.d/****
My OS is Red Hat 9.

05-31-2006, 11:12 AM
#2
LQ Newbie
Registered: Feb 2006
Distribution: CentOS-4
Posts: 19
Hello,
I am not sure about RH9, but CentOS 4.2 contains a command called faillog which provides an option to lock out users after "max" failed login attempts.
Mike

05-31-2006, 08:06 PM
#3
LQ Newbie
Registered: May 2006
Posts: 7
Original Poster
Quote:
Originally Posted by mekump
Hello,
I am not sure about RH9, but CentOS 4.2 contains a command called faillog which provides an option to lock out users after "max" failed login attempts.
Mike

Hi,
I think your information is valuable to me. Could you give me detailed information about the command? Thanks.
Last edited by CharlieCai; 05-31-2006 at 08:08 PM.

05-31-2006, 09:25 PM
#4
Guru
Registered: Aug 2004
Location: Brisbane
Distribution: Centos 6.4, Centos 5.9
Posts: 15,026
See man faillog, although RH9 is a very very old version and may not have it. Also, you can't get security updates etc.
Recommend you move up to RH Fedora Core 5 (http://fedora.redhat.com/Download/) or grab a copy of CentOS (http://www.centos.org/).

05-31-2006, 11:46 PM
#5
LQ Newbie
Registered: May 2006
Posts: 7
Original Poster
But I think PAM is enough to set this; the parameter settings or the sequence I set is not OK. I will try it. If anyone has enabled this policy, could you let me reference your /etc/pam.d/login file?

06-01-2006, 01:29 AM
#6
Member
Registered: Feb 2002
Location: India
Distribution: Slacky 12.1, XP
Posts: 991
The faillog command doesn't allow you to set for how much time the account will be disabled; you can only set the number of failed logins before the account is locked.

06-01-2006, 02:28 AM
#7
LQ Newbie
Registered: May 2006
Posts: 7
Original Poster
Quote:
Originally Posted by jayakrishnan
The faillog command doesn't allow you to set for how much time the account will be disabled; you can only set the number of failed logins before the account is locked.

First I used the faillog command to set max 0 and lock time 0 for all users:
Code:
faillog -a -m 0 -l 0

Then I set /etc/pam.d/login:
Code:
#%PAM-1.0
#auth required pam_securetty.so
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
account required pam_tally.so deny=2 lock_time=180 no_magic_root
password required pam_cracklib.so
password required pam_pwdb.so shadow nullok use_authtok
session required pam_pwdb.so

But it does not work.
I don't know why.
I will try it again. Could someone give me advice?

06-05-2006, 06:18 AM
#8
LQ Newbie
Registered: May 2006
Posts: 7
Original Poster
Now I made it.
This is the /etc/pam.d/login.conf
Code:
# Charlie 2226.06.05
auth required pam_tally.so onerr=fail no_magic_root
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
account required pam_tally.so onerr=fail per_user deny=2 lock_time=120 no_magic_root reset
password required pam_cracklib.so
password required pam_pwdb.so shadow nullok use_authtok
session required pam_pwdb.so

Thanks all

06-05-2006, 07:17 AM
#9
LQ Newbie
Registered: May 2006
Posts: 3
Hi Charlie,
I have the same problem and I tried your /etc/pam.d/login file, but it doesn't work for me, so I would like to know which version of PAM you are using, and whether you have modified the file /etc/pam.d/system-auth or any other file.
Thanks in advance,
Angela
PS. I have RedHat 9.C with pam 0.75-48

06-14-2006, 03:27 AM
#10
LQ Newbie
Registered: May 2006
Posts: 7
Original Poster
Quote:
Originally Posted by wuicci
Hi Charlie,
I have the same problem and I tried your /etc/pam.d/login file, but it doesn't work for me, so I would like to know which version of PAM you are using, and whether you have modified the file /etc/pam.d/system-auth or any other file.
Thanks in advance,
Angela
PS. I have RedHat 9.C with pam 0.75-48

I made a mistake in this.
I can only control the silent time that locks the user, using the configuration below, but not close the session.
Code:
#%PAM-1.0
# This file was modified by Charlie.
#add start for silent time
auth required pam_tally.so deny=2 unlock_time=60 no_lock_time
#add end for silent time
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
#add start for silent time
account required pam_tally.so
#add end for silent time
account required pam_pwdb.so
password required pam_cracklib.so
password required pam_pwdb.so shadow nullok use_authtok
session required pam_pwdb.so

Now I am busy trying shadow-4.0.16. It was just released on Jun 4 and adds a new function to control the login session.
login.c of shadow-4.0.16 supports /etc/login.defs.
It has two macros that are useful for us:
LOGIN_RETRIES 3
LOGIN_TIMEOUT 20
That is all my work for now.
If you make more progress, please let me know.
Thanks.
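
A small audit of the three /etc/pam.d/login variants posted in #7, #8 and #10, as an added example that is not part of any post in this thread: it parses the pam_tally lines and reports which parts of the "n attempts, x seconds" policy are present. The names `tally_rules` and `audit` and the set of checks are assumptions of this example; because the phase that enforces deny= differs between PAM releases, the option is accepted on either phase.

```python
import re
# auth/account lines of /etc/pam.d/login exactly as posted in #7, #8 and #10.
POSTED = {
    7: """auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
account required pam_tally.so deny=2 lock_time=180 no_magic_root""",
    8: """auth required pam_tally.so onerr=fail no_magic_root
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
account required pam_tally.so onerr=fail per_user deny=2 lock_time=120 no_magic_root reset""",
    10: """auth required pam_tally.so deny=2 unlock_time=60 no_lock_time
auth required pam_pwdb.so shadow nullok
auth required pam_nologin.so
account required pam_pwdb.so
account required pam_tally.so""",
}

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def tally_rules(text):
    """Return [(phase, {option: value})] for each pam_tally line, in file order."""
    found = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())  # drop comments first
        if not m or not m.group(3).endswith("pam_tally.so"):
            continue
        opts = {}
        for arg in m.group(4).split():
            key, _, val = arg.partition("=")
            opts[key] = val or True  # bare flags such as no_magic_root
        found.append((m.group(1), opts))
    return found

def audit(text):
    """Report the lockout policy found and which parts of it are missing."""
    rules = tally_rules(text)
    phases = {phase for phase, _ in rules}
    merged = {k: v for _, opts in rules for k, v in opts.items()}
    # Assumption: deny= and the time options count wherever pam_tally carries them.
    checks = [
        ("auth" in phases, "no pam_tally in auth stack: failed logins are not counted"),
        ("account" in phases, "no pam_tally in account stack"),
        ("deny" in merged, "no deny=N: no failure threshold"),
        ("lock_time" in merged or "unlock_time" in merged, "no lock_time/unlock_time: no timed penalty"),
    ]
    found = {k: merged.get(k) for k in ("deny", "lock_time", "unlock_time")}
    return {**found, "problems": [msg for ok, msg in checks if not ok]}
```

For the post #7 file the audit reports the missing auth entry, which is the pam_tally line that posts #8 and #10 add.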

All times are GMT -5.