Comments on: Linux Failed Login Control: Lock and Unlock User Accounts Using PAM http://www.cyberciti.biz/tips/lock-unlock-set-number-of-login-attempts.html This is a Linux sys admin journal by Vivek about sys admin work, Linux tips & tricks, hacks, news and more. Fri, 10 Feb 2012 20:37:43 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Yongzhi Panhttp://www.cyberciti.biz/tips/lock-unlock-set-number-of-login-attempts.html#comment-178189 Yongzhi Pan Sun, 08 Jan 2012 06:23:49 +0000 http://www.cyberciti.biz/tips/?p=2333#comment-178189 "Append following AUTH configuration to /etc/pam.d/system-auth file" This does not work. I have tested it. Even if the fails are recorded, login is not denied at all. The modules are tried in the order list. You have to prepend it before any 'auth' to use it. Another note, we should be using the newer pam_tally2.so module. “Append following AUTH configuration to /etc/pam.d/system-auth file”

This does not work. I have tested it. Even if the fails are recorded, login is not denied at all. The modules are tried in the order list. You have to prepend it before any ‘auth’ to use it.

Another note, we should be using the newer pam_tally2.so module.

]]> By: Yongzhi Panhttp://www.cyberciti.biz/tips/lock-unlock-set-number-of-login-attempts.html#comment-178188 Yongzhi Pan Sun, 08 Jan 2012 05:39:56 +0000 http://www.cyberciti.biz/tips/?p=2333#comment-178188 Aaron C, Just edit this file and do not use authconfig. It should be noted this will not effect for ssh remote login. You should put it in `sshd' pam config file for this. Aaron C, Just edit this file and do not use authconfig.

It should be noted this will not effect for ssh remote login. You should put it in `sshd’ pam config file for this.

]]> By: Aaron Chttp://www.cyberciti.biz/tips/lock-unlock-set-number-of-login-attempts.html#comment-176704 Aaron C Thu, 08 Dec 2011 20:59:31 +0000 http://www.cyberciti.biz/tips/?p=2333#comment-176704 From the top of /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. Is there another place these options should be set so that authconfig does not clobber them? Right now, as a work around, I am going to `chattr +i /etc/pam.d/system-auth`. Thanks, Aaron From the top of /etc/pam.d/system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

Is there another place these options should be set so that authconfig does not clobber them? Right now, as a work around, I am going to `chattr +i /etc/pam.d/system-auth`.

Thanks,
Aaron

]]>