Exadata · Oracle

Linux login management – pam_tally2

If you enter a wrong password at a Linux login, you may be unable to log in again for a while. This is a security feature, and it might be enabled through the pam_tally2 option on your Linux machine.

Enable Login

1 – Wait for the login lock time (10 min) to pass.

2 – Reset the failed logins for that Linux user.
If you cannot log in using an SSH client, try ssh from another machine that has SSH equivalency.

[root@testadm02 ~]# ssh testadm01
Last login: Thu Jan 16 08:30:24 2014 from 192.168.190.1

Reset the failed login count to zero.

[root@testadm01 ~]# pam_tally2 -u root
Login           Failures Latest failure     From
root                1    01/16/14 08:31:33  192.168.190.1
[root@testadm01 ~]# pam_tally2 -u root -r 
Login           Failures Latest failure     From
root                1    01/16/14 08:31:33  192.168.190.1
[root@testadm01 ~]# pam_tally2 -u root 
Login           Failures Latest failure     From
root                0    

Disable Lock time

This line in /etc/pam.d/sshd controls the pam_tally2 features:

[root@testadm01 ~]# cat   /etc/pam.d/sshd   | grep pam_tally2   
auth       required     pam_tally2.so deny=5 onerr=fail lock_time=600

Erase the lock_time option from that line, so that it reads:

[root@testadm01 ~]# cat   /etc/pam.d/sshd   | grep pam_tally2   
auth        required     pam_tally2.so deny=5 onerr=fail

That is it.
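To see what the line still enforces after such an edit, here is a small audit script, added as an example and not part of the original post. It reads a PAM service file and reports the deny, lock_time and unlock_time settings of each pam_tally2 line; the function names are hypothetical and the option meanings are taken from the pam_tally2 man page.

```shell
#!/bin/sh
# Added example (not from the original post): summarize pam_tally2 lockout
# settings in a PAM service file. Option meanings follow the pam_tally2 man page.

# Print the value of option $1 (e.g. deny) found in option string $2.
tally_opt() {
    for word in $2; do
        case $word in
            "$1"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Report every active auth line in file $1 that loads pam_tally2.so.
tally_audit() {
    grep -E '^[[:space:]]*auth[[:space:]].*pam_tally2\.so' "$1" |
    while read -r line; do
        opts=${line#*pam_tally2.so}          # keep only the module options
        deny=$(tally_opt deny "$opts") || deny=unset
        lock=$(tally_opt lock_time "$opts") || lock=unset
        unlock=$(tally_opt unlock_time "$opts") || unlock=unset
        printf 'deny=%s lock_time=%s unlock_time=%s\n' "$deny" "$lock" "$unlock"
        if [ "$lock" != unset ]; then
            printf 'NOTE: each failed attempt blocks logins for %s seconds\n' "$lock"
        fi
        if [ "$deny" != unset ] && [ "$unlock" = unset ]; then
            printf 'NOTE: more than %s failures locks the account until pam_tally2 -u USER -r (root only with even_deny_root)\n' "$deny"
        fi
    done
}

# Constructed sample: the sshd line from this page before and after the edit.
tally_demo() {
    tmp=$(mktemp) || return 1
    for sample in \
        'auth       required     pam_tally2.so deny=5 onerr=fail lock_time=600' \
        'auth        required     pam_tally2.so deny=5 onerr=fail'
    do
        printf '%s\n' "$sample" > "$tmp"
        tally_audit "$tmp"
    done
    rm -f "$tmp"
}

tally_demo
```

On a real host, run tally_audit /etc/pam.d/sshd as root. With lock_time removed and no unlock_time set, the deny=5 limit is still active and a locked account needs the manual reset shown earlier.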
