LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-26-2012, 08:36 AM   #1
abhay1983
LQ Newbie
 
Registered: Feb 2012
Posts: 23

Rep: Reputation: Disabled
Restrict User's login attempt


Please advice on this regards.

How to restrict user's login attempt.

That means user will not be prompted to the login seesion, after entered 3 times wrong paasword.

Thanks in Advance !
 
Old 02-26-2012, 08:43 AM   #2
abhay1983
LQ Newbie
 
Registered: Feb 2012
Posts: 23

Original Poster
Rep: Reputation: Disabled
Hey all I got the answer. Correct me if i am worng.

We need to edit the file "limits.conf" under /etc/security/.

@user - maxlogins 3

TY
 
Old 02-27-2012, 06:09 AM   #3
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Do you want to limit “attempts” to login into the system, or the “number of logins” per user at a time? The former is usually set up in the firewall, while the latter is in “limits.conf”.
 
Old 02-27-2012, 08:06 AM   #4
abhay1983
LQ Newbie
 
Registered: Feb 2012
Posts: 23

Original Poster
Rep: Reputation: Disabled
Yes. I want to limit “number of logins” per user.

Ok. Please let me know how to limit “attempts” to login into the system
 
Old 02-27-2012, 08:20 AM   #5
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
First-of-all you please provide complete information, like which OS you are using?

Depending on the distribution,
In my case:
go to --- /etc/pam.d/system-auth
append auth required pam_tally.so onerr=fail deny=5 unlock_time=21600

Where,
(a) deny=5 - Deny access if tally for this user exceeds 5 times.

(b) unlock_time=21600 - Allow access after 21600 seconds(6 hours) after failed attempt. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator.

(c) onerr=fail - If something weird happens(like unable to open the file), return with PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM error code.

Try in your OS and let us know.

Last edited by Satyaveer Arya; 02-27-2012 at 08:22 AM.
 
1 members found this post helpful.
Old 02-27-2012, 08:27 AM   #6
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
In SunSolaris the file is /etc/default/login.

The line is RETRIES=5(or whatever number is set on your server).
See the man page for login.
 
1 members found this post helpful.
Old 02-28-2012, 07:00 AM   #7
abhay1983
LQ Newbie
 
Registered: Feb 2012
Posts: 23

Original Poster
Rep: Reputation: Disabled
Thanks Satyaveer !

I am using Redhat EL-4. So the correct file is "/etc/pam.d/system-auth".

Lemme to work on this and come back to u ?

Cherrs!
Abhay
 
Old 02-28-2012, 08:04 AM   #8
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
So, there is a line in /etc/pam.d/system-auth :

Quote:
password requisite pam_cracklib.so try_first_pass retry=3
change the number according to your need.
 
1 members found this post helpful.
Old 02-28-2012, 11:35 PM   #9
cwilliams6419
LQ Newbie
 
Registered: Feb 2012
Posts: 3

Rep: Reputation: Disabled
Just a note. Anyone using Fedora 16 and want to attempt the same thing. Modify the line to use pam_tally2.so
"auth required pam_tally2.so onerr=fail deny=5 unlock_time=21600"

To show login attempts use:
pam_tally2 --user admin

To reset locked account use:
pam_tally2 --user admin --reset

Last edited by cwilliams6419; 02-28-2012 at 11:43 PM.
 
1 members found this post helpful.
Old 02-29-2012, 06:29 AM   #10
abhay1983
LQ Newbie
 
Registered: Feb 2012
Posts: 23

Original Poster
Rep: Reputation: Disabled
Thanks guys for your great help. Will meet in another issue
 
Old 02-29-2012, 07:28 AM   #11
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
abhay1983,

Have you solved your problem? If so, how? Please tell us all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict user login ust Linux - Newbie 5 05-27-2011 02:46 AM
Redhat 5 - How to restrict a user to login only from remote machine raju_email@yahoo.com Linux - Security 6 09-20-2009 09:43 AM
New user first login attempt gets "Account locked. Maximum attempts reached" p3t0rt Linux - Newbie 2 07-21-2009 05:40 PM
how to restrict a user to login from one specified machine? hueofwind Linux - General 5 08-25-2006 10:13 AM
how can i restrict a samba user to a single login sravanth.svk Linux - Networking 0 08-25-2006 08:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration