Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
02-26-2012, 08:36 AM
|
#1
|
LQ Newbie
Registered: Feb 2012
Posts: 23
Rep:
|
Restrict User's login attempt
Please advice on this regards.
How to restrict user's login attempt.
That means user will not be prompted to the login seesion, after entered 3 times wrong paasword.
Thanks in Advance !
|
|
|
02-26-2012, 08:43 AM
|
#2
|
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
|
Hey all I got the answer. Correct me if i am worng.
We need to edit the file "limits.conf" under /etc/security/.
@user - maxlogins 3
TY
|
|
|
02-27-2012, 06:09 AM
|
#3
|
Senior Member
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339
|
Do you want to limit “attempts” to login into the system, or the “number of logins” per user at a time? The former is usually set up in the firewall, while the latter is in “limits.conf”.
|
|
|
02-27-2012, 08:06 AM
|
#4
|
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
|
Yes. I want to limit “number of logins” per user.
Ok. Please let me know how to limit “attempts” to login into the system
|
|
|
02-27-2012, 08:20 AM
|
#5
|
Senior Member
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420
|
First-of-all you please provide complete information, like which OS you are using?
Depending on the distribution,
In my case:
go to --- /etc/pam.d/system-auth
append auth required pam_tally.so onerr=fail deny=5 unlock_time=21600
Where,
(a) deny=5 - Deny access if tally for this user exceeds 5 times.
(b) unlock_time=21600 - Allow access after 21600 seconds(6 hours) after failed attempt. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator.
(c) onerr=fail - If something weird happens(like unable to open the file), return with PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM error code.
Try in your OS and let us know.
Last edited by Satyaveer Arya; 02-27-2012 at 08:22 AM.
|
|
1 members found this post helpful.
|
02-27-2012, 08:27 AM
|
#6
|
Senior Member
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420
|
In SunSolaris the file is /etc/default/login.
The line is RETRIES=5(or whatever number is set on your server).
See the man page for login.
|
|
1 members found this post helpful.
|
02-28-2012, 07:00 AM
|
#7
|
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
|
Thanks Satyaveer !
I am using Redhat EL-4. So the correct file is "/etc/pam.d/system-auth".
Lemme to work on this and come back to u ?
Cherrs!
Abhay
|
|
|
02-28-2012, 08:04 AM
|
#8
|
Senior Member
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420
|
So, there is a line in /etc/pam.d/system-auth :
Quote:
password requisite pam_cracklib.so try_first_pass retry=3
|
change the number according to your need.
|
|
1 members found this post helpful.
|
02-28-2012, 11:35 PM
|
#9
|
LQ Newbie
Registered: Feb 2012
Posts: 3
Rep:
|
Just a note. Anyone using Fedora 16 and want to attempt the same thing. Modify the line to use pam_tally2.so
"auth required pam_tally2.so onerr=fail deny=5 unlock_time=21600"
To show login attempts use:
pam_tally2 --user admin
To reset locked account use:
pam_tally2 --user admin --reset
Last edited by cwilliams6419; 02-28-2012 at 11:43 PM.
|
|
1 members found this post helpful.
|
02-29-2012, 06:29 AM
|
#10
|
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
|
Thanks guys for your great help. Will meet in another issue
|
|
|
02-29-2012, 07:28 AM
|
#11
|
Senior Member
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420
|
abhay1983,
Have you solved your problem? If so, how? Please tell us all.
|
|
|
All times are GMT -5. The time now is 03:29 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|