How do I lock out a user after a set number of login attempts in Linux but also automatically unlock it after N minutes?
Under the Linux operating system, you can use the faillog command to display faillog records or to set login failure limits. The faillog command displays the contents of the failure log from the /var/log/faillog database file. It can also be used to maintain failure counters and limits. If you run the faillog command without arguments, it displays faillog records only for users who have ever had a login failure.
PAM is a flexible mechanism for authenticating users. For example, you can use it to stop users from reusing recent passwords. This can be accomplished by using the remember option of the pam_unix or pam_unix2 (part of certain enterprise distros) PAM module. In this quick blog post, I am going to explain how to restrict the use of previous passwords using pam_unix.so.