Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 07-14-2020, 01:05 AM   #1
LQ Newbie
Registered: Jul 2020
Posts: 1

Rep: Reputation: Disabled
set up failed Login attempts, now linux password doesnt work?

I wanted to make it so that if 3 failed password attempts occur, the password cant be typed for at least 5-10minutes.

I did the following:

Add the following lines in the file “/etc/pam.d/common-auth”

auth required onerr=fail deny=3 unlock_time=300 audit
auth required onerr=fail deny=3 unlock_time=300 audit even_deny_root root_unlock_time=600


Then I tested it running a sudo apt-get install call, purposely made 3 incorrect password attempts. Now whenever I make a sudo call, it always says the password is incorrect. Even after I restart the computer and even after more than 10 minutes has passed. Locking the workspace/unlocking and logging into the desktop works but seems like any sudo call or even a passwd change wont work. It recognizes my password as incorrect now.

I cant even edit that file anymore to remove those lines as it requires sudo.

How can i Fix this?
Why did this happen?

Many thanks!

Last edited by affinity0g; 07-14-2020 at 01:07 AM.
Old 07-14-2020, 07:50 PM   #2
LQ Addict
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001Reputation: 2001
You can reset the root password by booting in single user mode or with the help of recovery media. Precise instructions vary depending on your distro.

I wonder if the "onerr=fail" option is the culprit here. The man page states, somewhat vaguely:
If something weird happens (like unable to open the file), return with PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM error code.
Perhaps "something weird" is happening on your computer. I would set onerr=succeed as a first step. I would also check the various relevant log files for information about this problem, like /var/log/tallylog, /var/log/secure, /var/log/auth.log or whatever you have on your system. Then there is the pam_tally2 command, which might provide useful information as well.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
deian yum lock [ ERR] Reading state information E: Could not get lock /var/lock/aptit jayakumar01 Linux - Server 1 12-05-2011 12:26 PM
Lock after invalid login attempts, session lock, minimum password length nstarz Linux - Security 1 06-24-2010 06:36 PM
Configure Failed logins to lock accounts after 5 failed attempts mccartjd Linux - Newbie 5 05-05-2008 09:02 AM
Caps Lock and Num Lock leds dont work! npc Linux - Hardware 2 11-08-2005 11:40 AM
Why doesnt my USB mouse doesnt work? barkha Linux - Hardware 2 08-16-2005 12:31 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:17 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration