Open /etc/pam.d/system-auth file.
Now write these lines just above the line stating auth sufficient pam_unix.so:
auth required pam_tally2.so onerr=fail deny=3
account required pam_tally2.so reset
Now the account will be locked after three failed login attempts.
There are various other options you can use like:
unlock_time=100 will unlock the account after 100 seconds.
You can use any value for unlock_time field.
If you don’t use this parameter then you’ll have to manually unlock a locked account using
# pam_tally2 -r -u username command.
lock_time=100 will lock the account for 100 seconds after failed attempts to login.
no_magic_root will avoid locking root account.
No comments:
Post a Comment