pam_tally2 not lock user?

Support for security such as Firewalls and securing linux
Post Reply
jabalv
Posts: 4
Joined: 2011/07/11 17:18:58

pam_tally2 not lock user?

Post by jabalv » 2011/08/01 11:37:07

Hello. I`m trying to set PAM to lock user account. I tried lock my user, got confirm, that user is locked.
But when I try correct password, I got logged in into system only if user is locked. What problem can be here?

Here is my [url=http://pastebin.com/Z3RiRZCS]/etc/pam.d/system-auth[/url]

jabalv
Posts: 4
Joined: 2011/07/11 17:18:58

Re: pam_tally2 not lock user?

Post by jabalv » 2011/08/01 13:09:12

Problem solved. Need correct place for lines, pam_tally2.so line need to put after pam_env.so module.

[code]auth required pam_env.so
auth required pam_tally2.so deny=3 onerr=fail[/code]


Is there is possible to make ssh automatically understand that user is locked and do not offer password input possibilities, but show warning?

keddie
Posts: 5
Joined: 2009/02/18 15:00:16
Contact:

Re: pam_tally2 not lock user?

Post by keddie » 2015/09/04 12:48:58

AFAIK you can set ChallengeResponseAuthentication to yes in /etc/ssh/sshd_config and it will be showing following warning:
Account locked due to X failed logins
However it will keep prompting for password anyway.

Post Reply