LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Account lockout with PAM
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-22-2009, 09:32 AM   #1
thllgo
Member
 
Registered: Sep 2003
Location: Laurel MD
Posts: 296

Rep: Reputation: 32
Account lockout with PAM

Hello

I keep reading that by adding the following line

auth required pam_tally.so onerr=fail deny=2

to the file /etc/pam.d/system-auth that accounts should be locked out after 2 bad password attempts. I have tried this and it is not working for me. Is there something else I have to do? Do I need to reboot afterward?

I have RHES 5, I am using ssh to login to the system.

I don't intend to leave it at 2 I will increase to 5, I'm just using 2 for the number of attempts for testing purposes. I know this makes the system open to denial of service attacks but its a security requirement where I work.

I also have a pam_tally2.so should I be using that instead? I've tried it once or twice without luck.

Thank you
 
Old 04-22-2009, 02:54 PM   #2
thllgo
Member
 
Registered: Sep 2003
Location: Laurel MD
Posts: 296

Original Poster
Rep: Reputation: 32
found the problem, the following line is also required and I didn't have it
account sufficient pam_localuser.so
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Set account lockout without using pam HelpMe2877 Linux - Security 4 12-03-2008 03:05 PM
NISPOM Security: PAM account lockout and XScreenSaver Settings ElvisImprsntr Linux - Newbie 3 09-26-2007 06:44 PM
account lockout threshold pasupuleti Programming 3 10-03-2006 12:11 AM
Account lockout threshold moinpasha Linux - Security 10 09-28-2006 07:27 AM
Automatic Account lockout jimrt Linux - Security 3 03-26-2003 08:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:19 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration