Hi All,

I am trying to lockout users who have 3 failed password attempts for 15 minutes. I have added these 2 lines to my /etc/pam.d/system-auth (Centos 4.4):

auth required /lib/security/$ISA/pam_tally.so onerr=fail no-magic-root unlock_time=900

account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset per_user

I created the /var/log/faillog file as well.

I can get the system to lock me out after 3 failed attempts, but it will not let me in after 15 minutes. Any suggestions?

ps--I tried removing the "per_user", but still no luck.

Thanks

Hi Jonfa,
I am trying to config my pam also. Tricky. I am finding some of my errors show up in the /var/log/messages file. I just grep -i pam and see what pops up. For example, my lock_time=20 errored out. The log may give you some idea of what is not working. Just an idea.

I am new to linux but know sun & hp. Linux is a different beast. Wish I knew of a good pam book. Good luck.
Linda