Old 06-08-2010, 02:37 PM   #1
Trying to lock user accounts after too many login failures.

I am trying to disable accounts after 5 unsuccessful
login attempts. I am following the guidelines in this

This is on an Oracle Enterprise 5.4 box, which is essentially RHEL 5.4

Here is what my /etc/pam.d/system-auth looks like:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required
auth required onerr=success no_magic_root
auth sufficient nullok try_first_pass
auth requisite uid >= 500 quiet
auth required

account required
account required per_user deny=5 no_magic_root reset
account sufficient uid < 500 quiet
account required

password requisite try_first_pass retry=3 minlen=8 dcredit=-1 ocredit=-1
password sufficient md5 shadow nullok try_first_pass use_authtok
password required

session optional revoke
session required
session [success=1 default=ignore] service in crond quiet use_uid
session required

I have created a user 'test1'. I then generated 6 unsuccessful su
attempts from another non-root user account trying to get into the
test1 account. Here is the output of faillog on the user now:

Login       Failures Maximum Latest                   On

test1           6        0   06/08/10 15:32:37 -0400  pts/4

Unfortunately, the account does not seem to be locked or disabled. As root, running 'su test2 -c <some-command>' always successfully runs <some-command>, and leaves the failed attempt count at 6. /etc/shadow does not have an * or ! anywhere in the encrypted password for the 'test1' user.

What am I doing wrong? I thought that with the max attempts set to 0
in faillog, that the deny= parameter would be used.

I thought I should be using su <user> -c <command> from the root account to test if the disable feature is working. Is my methodology wrong?

Did I miss something? Thanks.
Old 06-08-2010, 02:39 PM   #2
Original Poster
I typoed above. My test su command is to the correct user 'test1', not 'test2'. Sorry.
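
Added example, not part of the thread: a shell check of the counter arithmetic the question depends on, run over the account line and faillog row quoted in the first post. It assumes the lockout line is pam_tally (the module names are missing from the config as posted) with that module's documented behaviour: access is denied once the tally exceeds deny=N, and with per_user a non-zero faillog Maximum replaces deny=N. It checks only the counters, not whether the calling service's PAM stack actually reaches that line.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed from the
# values quoted in the post. Assumption: the lockout line is pam_tally.

PAM_SAMPLE='account required per_user deny=5 no_magic_root reset'
FAILLOG_SAMPLE='Login Failures Maximum Latest On

test1 6 0 06/08/10 15:32:37 -0400 pts/4'

# pam_limits: read a PAM stack on stdin, print "DENY PER_USER" for the
# first non-comment line that carries deny=N (PER_USER is 1 or 0).
pam_limits() {
    awk '
        /^[ \t]*#/ { next }
        {
            deny = ""; per_user = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6)
                if ($i == "per_user") per_user = 1
            }
            if (deny != "") { print deny, per_user; exit }
        }'
}

# over_limit DENY PER_USER: read faillog output on stdin and print
# "user failures limit status" for each account row.
over_limit() {
    awk -v deny="$1" -v per_user="$2" '
        $2 !~ /^[0-9]+$/ { next }          # header and blank lines
        {
            limit = deny + 0
            # per_user: a non-zero Maximum in faillog replaces deny=
            if (per_user == 1 && $3 + 0 > 0) limit = $3 + 0
            # access is denied once the tally exceeds the limit
            print $1, $2, limit, (($2 + 0 > limit) ? "OVER" : "ok")
        }'
}

# report PAM_TEXT FAILLOG_TEXT: combine the two steps.
report() {
    limits=$(printf '%s\n' "$1" | pam_limits)
    [ -n "$limits" ] || { echo "no deny= option found" >&2; return 1; }
    printf '%s\n' "$2" | over_limit "${limits% *}" "${limits#* }"
}

report "$PAM_SAMPLE" "$FAILLOG_SAMPLE"
```

On a live system the two inputs would be the contents of /etc/pam.d/system-auth and the output of `faillog -u test1`.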

