RHEL4.8 no notification on PAM lockout

Thread Tools Search this Thread
Operating Systems Linux Red Hat RHEL4.8 no notification on PAM lockout
# 1  
Old 03-24-2015
RedHat RHEL4.8 no notification on PAM lockout

Good day. I have setup hardening the password (test system so far) prior to doing any work on production. Here is what I have set.

Snippet from /etc/pam.d/system-auth

auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_tally.so per_user deny=3 reset no_magic_root

The system is auto-locking the accounts as requested. However, it is giving no notifications to client. This is happening for console, ssh, and xorg login's.

I attempted to fix up sshd with modifying these settings in /etc/ssh/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication yes

Then restarting the sshd daemon with:
service sshd restart

No difference.
Any suggestions ?
# 2  
Old 03-24-2015
Suggestions on what? How to get pam_tally to notify users when they are locked out? Notify how?

There is no support within PAM for notifying users when they are locked out by pam_tally or pam_tally2
# 3  
Old 03-24-2015
Why would you want to inform them when people are locked out? Giving any information to someone trying to break in is a bad idea. They would know to move their attempts to a different account -- and would know to stop wasting their time on the locked-out one. And maybe even realize that you had handed everyone in the world the ability to lock out other people's accounts whenever they pleased. (i.e. why I feel lockouts are a terrible idea in general).
This User Gave Thanks to Corona688 For This Post:
# 4  
Old 03-24-2015

Good point. I'll close out the thread then, as it is working as expected.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Secman lockout

Greetings, I work with a Solaris Sun Server V240 system (GCCS) and have run into a problem where I can't seem to unlock my SECMAN account at the NON-GLOBAL level. I have access to all global accounts to include sysadmin and secman. I have access to the non-global sysadmin account and root... (4 Replies)
Discussion started by: TLAMGUY
4 Replies

2. Red Hat

Account lockout

having account lockout issues with an RHEL 5 server. My users are getting locked out for 10 minutes after one failed login attempt even though /etc/pam.d/sshd is configured for 5 failed attempts: auth include system-auth auth required pam_tally2.so deny=5 onerr=fail... (1 Reply)
Discussion started by: nerdalert
1 Replies

3. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

4. Red Hat

Account Lockout on Redhat

On a redhat linux 4 server, how to find if there is an account lockout duration is set. Is it configured under pam or /etc/shadow? what entries I need to find out? Is it pam_time.so module? I desperately need an answer because on one of the servers, no one was able to login through any account... (4 Replies)
Discussion started by: Tirmazi
4 Replies

5. UNIX and Linux Applications

Account lockout using Openldap

What is the best way to implement account lockout in openldap? I have an openldap server with Ubuntu desktop client connecting to it for authentication. I want he accounts to locked out after say 5 failed authentication attempts I have enabled ppolicy layout in slapd.conf. overlay ppolicy... (0 Replies)
Discussion started by: nitin09
0 Replies

6. Red Hat

Account lockout policy

Hi all; I m using Red Hat Enterprise Linux Server release 5.1 (Tikanga) and I'm trying to setup password lockout policy so that a user account locks out after 3 failed attempts. Here are the entires of my /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes... (1 Reply)
Discussion started by: maverick_here
1 Replies

7. AIX

lockout su for 1 user

I want to know if there is any easy way of stopping 1 user from using su? perferabily any su but I can make do with not allow him to su to root but allow other user to su to root. (3 Replies)
Discussion started by: daveisme
3 Replies

8. AIX

user lockout...

Hi, We are using and I would like to make a global change to the "number of failed logins before user account is locked" Any ideas, other than using SMIT one user at a time.... ??? Thanks... Craig. (2 Replies)
Discussion started by: stumpy
2 Replies

9. UNIX for Dummies Questions & Answers

root lockout

Hi, I am extremely new to UNIX and was recently promoted to administer the system for a small company. Anyhow, the time came for passwords to change, and I made the huge mistake of entering in the command (as root) passwd -l After logging out (oblivious to what would happen next), the root... (4 Replies)
Discussion started by: newbieadmin
4 Replies

10. UNIX for Dummies Questions & Answers

Lockout Users

I am using AIx 4.3.3 and was wondering what the command was to keep users from logging in. I want to be able to do maintenance and keep the users out. Can anyone help? (7 Replies)
Discussion started by: cgillett
7 Replies
Login or Register to Ask a Question

Featured Tech Videos