1 Atanu Banerjee January 1, 2008 at 11:01 am

How to enable the same setting in SuSE Linux environment?

Reply

2 Vasudeva March 3, 2008 at 8:59 pm

The lock_time & unlock_time options are not working on Red Hat 4 (2.6.9-55.0.2.ELsmp). I am getting the error messages "pam_tally: unknown option; unlock_time=100" and "pam_tally: unknown option; lock_time=120". We have pam version: pam-0.77-66.21. Does this version support the lock_time & unlock_time options?

Reply

3 vijay mane March 4, 2008 at 7:58 am

One of the best sites, where a person like me can get a lot of knowledge.

Reply

4 kadir January 13, 2013 at 3:54 pm

Exactly

Reply

5 Vasudeva April 11, 2008 at 8:27 pm

Can we exclude PAM modules for certain groups? This is for a particular application group that needs to disable PAM modules.

Reply

6 mjp November 10, 2008 at 11:05 pm

At least for CentOS 5, the only valid options for the account phase are magic_root and no_reset; all others should be in the auth phase.

Reply

7 lalit December 21, 2009 at 5:51 am

Hi, I tried this to add an account lockout policy in RHEL 5.0, but it is not working.

I went to the /etc/pam.d/system-auth file and added both lines to it:

auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root lock_time=180

After that I checked faillog -u lalit (username).
It shows the faillog, but when I tried to check whether it locks the account or not, it is not working.

If you have any other way, then please help me.

Reply
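
An added example (not part of any comment above and not the site's own code): a small Python check that applies the rule stated in comment 6 to the two lines posted in comment 7. The function names and the ACCOUNT_OK set are hypothetical, and the list of allowed account-phase options is taken solely from comment 6's statement about CentOS 5.

```python
# Assumption (from comment 6, CentOS 5): in the account phase pam_tally only
# accepts magic_root and no_reset; every other option belongs in the auth phase.
ACCOUNT_OK = {"magic_root", "no_reset"}

# Constructed input: the two lines posted in comment 7.
SAMPLE = """\
auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root lock_time=180
"""

def parse_pam_line(line):
    """Split one PAM line into (type, control, module, [options]), or None."""
    line = line.split("#", 1)[0].strip()      # drop comments and "#%PAM-1.0"
    fields = line.split()
    if len(fields) < 3:
        return None
    ptype, rest = fields[0].lstrip("-"), fields[1:]
    # A bracketed control such as [success=1 default=ignore] contains spaces.
    if rest[0].startswith("["):
        end = next((i for i, f in enumerate(rest) if f.endswith("]")), None)
        if end is None or end + 1 >= len(rest):
            return None
        control, rest = " ".join(rest[:end + 1]), rest[end + 1:]
    else:
        control, rest = rest[0], rest[1:]
    return ptype, control, rest[0], rest[1:]

def misplaced_tally_options(text):
    """Return [(line_no, option)] for pam_tally options found in the account
    phase that are not in the account-phase list given in comment 6."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_pam_line(line)
        if not parsed:
            continue
        ptype, _control, module, options = parsed
        if ptype == "account" and module.rsplit("/", 1)[-1] == "pam_tally.so":
            for opt in options:
                if opt.split("=", 1)[0] not in ACCOUNT_OK:
                    findings.append((no, opt))
    return findings

if __name__ == "__main__":
    for no, opt in misplaced_tally_options(SAMPLE):
        print(f"line {no}: '{opt}' is not in the account-phase list from comment 6")
```

Run against the lines from comment 7, it reports deny=3, no_magic_root and lock_time=180 on the account line.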

8 barney griggs June 9, 2010 at 10:13 pm

Anyone have any idea why CentOS 5.2 would take every login as a failure when setting up for lockout after X failed attempts?

Reply

9 dinesh kumart April 16, 2011 at 3:14 am

very good

Reply

10 krishna June 13, 2011 at 7:36 am

good ……………. :)

Reply

11 nigoor April 4, 2012 at 10:34 am

all of the above is not working

Reply

12 Stephen May 21, 2012 at 1:51 pm

The following worked for me.

If you’re using pam_tally, use
pam_tally --reset --user

If you’re using pam_tally2, which is typical in RHEL 6, use
pam_tally2 -r -u

Reply

13 kadir January 13, 2013 at 3:57 pm

$ vi /etc/pam.d/system-auth
My file doesn't contain the mentioned lines:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
#auth sufficient pam_plesk.so try_first_pass
auth required pam_deny.so

account required pam_unix.so

password required pam_cracklib.so try_first_pass retry=3
#password optional pam_plesk.so try_first_pass
password sufficient pam_unix.so try_first_pass use_authtok nullok md5
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

Reply
