>Lock account in linux using pam_tally or pam_tally2

By | June 28, 2010

>pam_tally pam module can be used to lock a account after centain number of failed login attempt. For example if you want to lock user after 3 failed login attempt. Then configure you /etc/pam.d/system-auth file in following ways
        auth     required     pam_tally.so  onerr=fail deny=3
(Remember to put this line above the line auth    required pam_unix.so)
         account  required     pam_tally.so  reset
Now save the system-auth file and try it with some user. This worked for my RHEL 5.4 system.
 But suppose you have some extended requirement to lock user for few seconds or minutes after invalid login attempts. You can try pam_tally2 pam module. Like in following statement unlock_time is 5 minute  after get locked for 3 unsuccessful login attempt. Edit for /etc/pam.d/system-auth file in following ways
         auth   required pam_tally2.so deny=3 unlock_time=300
To get information about when last invalid login attempted you can use following command
    root#pam_tally2 -u
To manually Unlock the account use following command
   root#pam_tally2 -r -u

To get help try command man pam_tally 2 .

Share itShare on FacebookEmail this to someoneTweet about this on TwitterShare on Google+Share on LinkedInPrint this page

3 thoughts on “>Lock account in linux using pam_tally or pam_tally2

  1. Anonymous

    >I don't see the point. unlock_time is also available in pam_tally


Leave a Reply

Your email address will not be published. Required fields are marked *

Current month ye@r day *