search for: unlock_time

Hi I am trying to lock users after 3 attempts and then set the timeout before they can log in again. I thought i could achieve this with auth required pam_tally.so deny=3 unlock_time=600 in /etc/pam.d/system-auth but it seems to not be the case - I cant find a working config for this anywhere and i wonder if anyone has one they can share? thanks

Hi, I'm currently using, CentOS release 4.8 (Final) and wanted to update the pam_tally module to support unlock_time. I understand this is only support on centos 5.x and up. What are my options for updating pam_tally to support unlock_time, can I simply download and update from a centos repo or should I compile pam. I would appreciate some suggestions. paul -------------- next part -------------- An HTML...

Hi All, I prepared a Centos 6.8 Minimal server, as part of hardening i added PAM rules under system-auth and password-auth to lock the user account for 30 minutes after 3 failed login attempts. ############system-auth############### auth required pam_tally2.so deny=3 unlock_time=1800 auth required pam_env.so auth sufficient pam_unix.so auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account required pam_tally2.so account sufficient pam_localuse...

.... The system-auth in the pam.d is like that: ------------------- auth required pam_env.so auth sufficient pam_unix.so nullok auth sufficient pam_winbind.so try_first_pass auth required pam_deny.so auth required pam_tally2.so deny=3 onerr=fail unlock_time=60 account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account sufficient pam_winbind.so account required pam_permit.so account required pam_tally2.so password sufficient pam_unix.so md5 shadow nullok use_authtok reme...

...ftp connections, you'll see lots of logs even though everything eventually succeeds. I'm on RHEL 5.5 with openssh-server-4.3p2-41.el5 and pam-0.99.6.2-6.el5_4.1. I'm using pam_tally2 in the auth and account phases: #%PAM-1.0 ... auth requisite pam_tally2.so deny=3 lock_time=10 unlock_time=900 ... account required pam_tally2.so ... I'm guessing the problem is that sshd doesn't call pam_setcred correctly as stated in the pam_tally2 man page: "Account phase resets attempts counter if the user is not magic root. This phase can be used optionally for services which do...