Login or Register to Ask a Question and Join Our Community


Red Hat

RHEL4.8 no notification on PAM lockout

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Linux Red Hat RHEL4.8 no notification on PAM lockout
# 1  
Old 03-24-2015
RedHat RHEL4.8 no notification on PAM lockout
Good day. I have setup hardening the password (test system so far) prior to doing any work on production. Here is what I have set.

Snippet from /etc/pam.d/system-auth

auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_tally.so per_user deny=3 reset no_magic_root


The system is auto-locking the accounts as requested. However, it is giving no notifications to client. This is happening for console, ssh, and xorg login's.

I attempted to fix up sshd with modifying these settings in /etc/ssh/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication yes


Then restarting the sshd daemon with:
service sshd restart

No difference.
Any suggestions ?
# 2  
Old 03-24-2015
Suggestions on what? How to get pam_tally to notify users when they are locked out? Notify how?

There is no support within PAM for notifying users when they are locked out by pam_tally or pam_tally2
# 3  
Old 03-24-2015
Why would you want to inform them when people are locked out? Giving any information to someone trying to break in is a bad idea. They would know to move their attempts to a different account -- and would know to stop wasting their time on the locked-out one. And maybe even realize that you had handed everyone in the world the ability to lock out other people's accounts whenever they pleased. (i.e. why I feel lockouts are a terrible idea in general).
This User Gave Thanks to Corona688 For This Post:
smurphy_it
# 4  
Old 03-24-2015
RedHat
Good point. I'll close out the thread then, as it is working as expected.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Secman lockout

Greetings, I work with a Solaris Sun Server V240 system (GCCS) and have run into a problem where I can't seem to unlock my SECMAN account at the NON-GLOBAL level. I have access to all global accounts to include sysadmin and secman. I have access to the non-global sysadmin account and root... (4 Replies)
Discussion started by: TLAMGUY
4 Replies

2. Red Hat

Account lockout

having account lockout issues with an RHEL 5 server. My users are getting locked out for 10 minutes after one failed login attempt even though /etc/pam.d/sshd is configured for 5 failed attempts: auth include system-auth auth required pam_tally2.so deny=5 onerr=fail... (1 Reply)
Discussion started by: nerdalert
1 Replies

3. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

4. Red Hat

Account Lockout on Redhat

On a redhat linux 4 server, how to find if there is an account lockout duration is set. Is it configured under pam or /etc/shadow? what entries I need to find out? Is it pam_time.so module? I desperately need an answer because on one of the servers, no one was able to login through any account... (4 Replies)
Discussion started by: Tirmazi
4 Replies

5. UNIX and Linux Applications

Account lockout using Openldap

What is the best way to implement account lockout in openldap? I have an openldap server with Ubuntu desktop client connecting to it for authentication. I want he accounts to locked out after say 5 failed authentication attempts I have enabled ppolicy layout in slapd.conf. overlay ppolicy... (0 Replies)
Discussion started by: nitin09
0 Replies

6. Red Hat

Account lockout policy

Hi all; I m using Red Hat Enterprise Linux Server release 5.1 (Tikanga) and I'm trying to setup password lockout policy so that a user account locks out after 3 failed attempts. Here are the entires of my /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes... (1 Reply)
Discussion started by: maverick_here
1 Replies

7. AIX

lockout su for 1 user

I want to know if there is any easy way of stopping 1 user from using su? perferabily any su but I can make do with not allow him to su to root but allow other user to su to root. (3 Replies)
Discussion started by: daveisme
3 Replies

8. AIX

user lockout...

Hi, We are using 4.3.3.0 and I would like to make a global change to the "number of failed logins before user account is locked" Any ideas, other than using SMIT one user at a time.... ??? Thanks... Craig. (2 Replies)
Discussion started by: stumpy
2 Replies

9. UNIX for Dummies Questions & Answers

root lockout

Hi, I am extremely new to UNIX and was recently promoted to administer the system for a small company. Anyhow, the time came for passwords to change, and I made the huge mistake of entering in the command (as root) passwd -l After logging out (oblivious to what would happen next), the root... (4 Replies)
Discussion started by: newbieadmin
4 Replies

10. UNIX for Dummies Questions & Answers

Lockout Users

I am using AIx 4.3.3 and was wondering what the command was to keep users from logging in. I want to be able to do maintenance and keep the users out. Can anyone help? (7 Replies)
Discussion started by: cgillett
7 Replies
Login or Register to Ask a Question