Monday, April 26, 2010

Locking out users with pam_tally

The pam_tally module denies access if too many login attempts fail. Add this line to /etc/pam.d/common-auth to lock the account after 3 failed logins. The account will be automatically unlocked after 20 minutes.
# Lock the account after 3 failed logins. The account
# will be automatically unlocked after 20 minutes.
# deny= and unlock_time= are evaluated in the auth phase, so the line type is auth.
auth required pam_tally.so deny=3 unlock_time=1200
You can unlock a user manually with:
pam_tally --user user1 --reset=0
Read more about this here.
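
An added example, not part of the original post: a shell function that audits a PAM stack file for the lockout settings described above. It assumes deny and unlock_time sit on the auth line, where pam_tally evaluates them; the function name check_tally, the default thresholds and the sample stack are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a PAM stack (read from stdin) for pam_tally lockout
# settings. Function name and default thresholds are assumptions.
# Usage: check_tally [MAX_DENY] [MIN_UNLOCK_SECONDS] < /etc/pam.d/common-auth
# Returns 0 when the policy is met, 1 otherwise; findings go to stdout.
check_tally() {
    awk -v max_deny="${1:-3}" -v min_unlock="${2:-1200}" '
    /^[ \t]*#/ || !/pam_tally\.so/ { next }      # comments, other modules
    $1 == "account" && /(deny|unlock_time)=/ {
        print "FAIL: line " NR ": deny/unlock_time belong on the auth line"
        bad = 1; next
    }
    $1 == "auth" {
        found = 1; deny = ""; unlock = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^deny=[0-9]+$/)        deny   = substr($i, 6) + 0
            if ($i ~ /^unlock_time=[0-9]+$/) unlock = substr($i, 13) + 0
        }
        if (deny == "" || deny < 1) {
            print "FAIL: line " NR ": no deny=N limit (N >= 1)"; bad = 1
        } else if (deny > max_deny + 0) {
            print "FAIL: line " NR ": deny=" deny " is above " max_deny; bad = 1
        }
        if (unlock == "") {
            print "WARN: line " NR ": no unlock_time, lock lasts until manual reset"
        } else if (unlock < min_unlock + 0) {
            print "FAIL: line " NR ": unlock_time=" unlock " is below " min_unlock; bad = 1
        }
    }
    END {
        if (!found) { print "FAIL: no auth line loads pam_tally.so"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample stack, not taken from a real system.
sample_stack() {
    cat <<'EOF'
# /etc/pam.d/common-auth (sample)
auth    required                        pam_tally.so deny=3 unlock_time=1200
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
EOF
}
sample_stack | check_tally && echo "OK: lockout policy met"
```

A WARN line does not change the exit status; only FAIL findings make the function return 1.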
