pam_tally lockout time issue
Hi All,
I am trying to lockout users who have 3 failed password attempts for 15 minutes. I have added these 2 lines to my /etc/pam.d/system-auth (Centos 4.4):
auth required /lib/security/$ISA/pam_tally.so onerr=fail no-magic-root unlock_time=900
account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset per_user
I created the /var/log/faillog file as well.
I can get the system to lock me out after 3 failed attempts, but it will not let me in after 15 minutes. Any suggestions?
ps--I tried removing the "per_user", but still no luck.
Thanks
|