Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: block user account after failed password
Top Forums UNIX for Dummies Questions & Answers block user account after failed password Post 302433834 by kopper on Wednesday 30th of June 2010 04:18:42 PM
Old 06-30-2010
block user account after failed password
hi guys

I have Centos 5.4

The idea is lock the user account for 3 minutes after he has entered his password incorrectly 3 times.

I've modified /etc/pam.d/system-auth
Code:
auth        required      pam_tally.so onerr=fail per_user deny=3
account     required      pam_tally.so reset

besides the code above I used these 2 commands to get things working

Set lock out at 3 failed login attempts:
faillog -m 3
Exclude root from this lockout mechanism:
faillog -u root -m 0

as you see I have not defined the lock_time=180 yet since no matter where I put it up there it won't work

where should it be? in order that after 3 or more failed attempts and after wait 3 minutes user can log to the system since for instance he now remember his correct password

Now I can unblock his account manually by faillog -r -u username but I want to avoid that admin task

thanks a lot
 

10 More Discussions You Might Find Interesting

1. Solaris

how can I change user name and password , of account ?

passwd only changes the password but i need to change the user name tnx (5 Replies)
Discussion started by: umen
5 Replies

2. UNIX for Dummies Questions & Answers

Change Account to not lock account if password expires

I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired. I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
Discussion started by: stringzz
1 Replies

3. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

4. Debian

password less login to root from a user account

hello friends, one user is created named "user1" I login as "user1" . Now when i do "su -" to be root user I have to give password for root . Is there any way through which we can skip giving the password to root. i.e. user1@work:~$ su - Password: xxxxxx work:~$ I don't want that... (1 Reply)
Discussion started by: pradeepreddy
1 Replies

5. Shell Programming and Scripting

Create new user account and password in shell script

I am trying to create a shell script that will: check if a specific user already exists if not, create a specific group and create the user in that group assign a password to that user, where the password is passed in as a parameter to the script The problem that I need help with is 3 on... (4 Replies)
Discussion started by: killuane
4 Replies

6. Solaris

Set Password Account to NP or NL

Hi Everyone, my name`s Sergio. I need your help please. I have a problem using Solaris 9. I create an account with the command line "useradd", with this I have no problem. My problem is I need set the created account to NP (No Password or Non Login). For example: cat /etc/shadow ... (2 Replies)
Discussion started by: roswell
2 Replies

7. Shell Programming and Scripting

Passing password when changing the user account

Hi All, I have one requirment.. I need to change my id to some sudo account in a server.. Actually our username/passwd will be stored in one gip file like below... $cat .a.gz #It's hidden file username passwd $ So I tried the below script to pass the password when i sudo to... (7 Replies)
Discussion started by: raghu.iv85
7 Replies

8. Shell Programming and Scripting

Need a condition to account for failed nslookups

I need some help creating a condition for looking up hosts. I have this master host file that has data in the following columns: FQDN primary IP secondary IP third IP I need the hostnames to feed into another script I use for provisioning users. The FQDN doesn't always work for... (2 Replies)
Discussion started by: MaindotC
2 Replies

9. Red Hat

Failed password for invalid user

Dear All , I have created a user named X and gave sudo permissions for it , So that it can access some commands as root. This particular user can login to the server using SSH login through putty any where with in the network. But there is some issue , when the same user is trying from... (4 Replies)
Discussion started by: jegaraman
4 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Further to my query re: failed attempt to change email address on existing account

Neo Thanks for your reply to my original post, entitled "Problem changing the email address associated with my unix.com account". I am unable to reply to you in that thread, as I am unable to log-on to unix.com! From what you said about purging dormant accounts, it is likely that my account... (1 Reply)
Discussion started by: irb
1 Replies

LEARN ABOUT SUSE

faillog

FAILLOG(8)																FAILLOG(8)

NAME

       faillog - display faillog records or set login failure limits

SYNOPSIS

       faillog [options]

DESCRIPTION

       faillog formats the contents of the failure log from /var/log/faillog database. It also can be used for maintains failure counters and
       limits. Run faillog without arguments display only list of user faillog records who have ever had a login failure.

OPTIONS

       The options which apply to the faillog command are:

       -a, --all
	      Display faillog records for all users.

       -h, --help
	      Display help message and exit.

       -l, --lock-time SEC
	      Lock accout to SEC seconds after failed login.

       -m, --maximum MAX
	      Set maiximum number of login failures after the account is disabled to MAX. Selecting MAX value of 0 has the effect of not placing a
	      limit on the number of failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack
	      against the system.

       -r, --reset
	      Reset the counters of login failures or one recor if used with -u LOGIN option. Write access to /var/log/faillog is required for
	      this option.

       -t, --time DAYS
	      Display faillog records more recent than DAYS. The -t flag overrides the use of -u.

       -u, --user LOGIN
	      Display faillog record or maintains failure counters and limits (if used with -l, -m or -r options) only for user with LOGIN.

CAVEATS

       faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since
       their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.

FILES

       /var/log/faillog
	      failure logging file

SEE ALSO

       login(1), faillog(5)

AUTHOR

       Julianne Frances Haugh (jockgrrl@ix.netcom.com)

								    08/03/2005								FAILLOG(8)
All times are GMT -4. The time now is 06:23 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy