Fail Login Configuration

1. Open the /etc/pam.d/system-auth file for editing.
ensure that a backup done for the file which you are editing.

2. Add the following lines:

auth required pam_tally.so no_magic_root
account required pam_tally.so deny=2 no_magic_root

here the value of deny implies how many login attempts should faillog wait before locking the account for login.

3. Save the file and exit.
4. Test the configuration by attempting to login as a normal user, but using a wrong password.
5. Verify the failed count increments by running the command:

faillog -u
6. To disable faillog for one particular user faillog -m -1 -u username

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s