LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-14-2020, 12:05 AM   #1
affinity0g
LQ Newbie
 
Registered: Jul 2020
Posts: 1

Rep: Reputation: Disabled
set up failed Login attempts, now linux password doesnt work?


I wanted to make it so that if 3 failed password attempts occur, the password cant be typed for at least 5-10minutes.

I did the following:

Add the following lines in the file “/etc/pam.d/common-auth”

auth required pam_tally2.so onerr=fail deny=3 unlock_time=300 audit
auth required pam_tally2.so onerr=fail deny=3 unlock_time=300 audit even_deny_root root_unlock_time=600

source: https://www.linuxtechi.com/lock-user...ttempts-linux/

Then I tested it running a sudo apt-get install call, purposely made 3 incorrect password attempts. Now whenever I make a sudo call, it always says the password is incorrect. Even after I restart the computer and even after more than 10 minutes has passed. Locking the workspace/unlocking and logging into the desktop works but seems like any sudo call or even a passwd change wont work. It recognizes my password as incorrect now.

I cant even edit that file anymore to remove those lines as it requires sudo.

How can i Fix this?
Why did this happen?

Many thanks!

Last edited by affinity0g; 07-14-2020 at 12:07 AM.
 
Old 07-14-2020, 06:50 PM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994
You can reset the root password by booting in single user mode or with the help of recovery media. Precise instructions vary depending on your distro.

I wonder if the "onerr=fail" option is the culprit here. The man page states, somewhat vaguely:
Quote:
If something weird happens (like unable to open the file), return with PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM error code.
Perhaps "something weird" is happening on your computer. I would set onerr=succeed as a first step. I would also check the various relevant log files for information about this problem, like /var/log/tallylog, /var/log/secure, /var/log/auth.log or whatever you have on your system. Then there is the pam_tally2 command, which might provide useful information as well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
deian yum lock [ ERR] Reading state information E: Could not get lock /var/lock/aptit jayakumar01 Linux - Server 1 12-05-2011 11:26 AM
Lock after invalid login attempts, session lock, minimum password length nstarz Linux - Security 1 06-24-2010 05:36 PM
Configure Failed logins to lock accounts after 5 failed attempts mccartjd Linux - Newbie 5 05-05-2008 08:02 AM
Caps Lock and Num Lock leds dont work! npc Linux - Hardware 2 11-08-2005 10:40 AM
Why doesnt my USB mouse doesnt work? barkha Linux - Hardware 2 08-16-2005 11:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration