Pam_tally2 to Lock and Unlock User Accounts After Specified Attempts

pam_tally2 is a Pluggable Authentication Module (PAM) used to define an account lockout policy. This is important in a security context: after a small number of failed login attempts the user account should be locked automatically, and administrators can achieve this with the pam_tally2 module. In this article we will see how to use pam_tally2 to lock and unlock user accounts after a specified number of failed attempts.

Pam_tally2 To Lock and Unlock User Accounts

This PAM module maintains a count of attempted accesses. If an access succeeds the count is reset to 0; otherwise, after too many failed attempts, access is denied. pam_tally2 is also the command-line utility that manipulates the counter file: it can display user counts, set individual counts, or clear all counts.

You only need to add the policy line to the files below. Be careful when defining a PAM policy, because a wrong configuration may leave user accounts with no access at all.

/etc/pam.d/login
/etc/pam.d/sshd
/etc/pam.d/sudo
/etc/pam.d/xserver

How To Lock and Unlock User Accounts

auth        required      pam_tally2.so no_magic_root deny=5 onerr=fail unlock_time=1200 audit
  • deny=5 – Deny access after 5 failed attempts and lock the user account.
  • no_magic_root – Do not treat root as a "magic" user, i.e. the root account is not excluded from the lockout.
  • unlock_time=1200 – Keep the account locked for 20 minutes (1200 seconds = 20 minutes). Remove this option if you want the lock to be permanent until an administrator unlocks the account manually.
  • audit – Write audit information to the system log.
  • onerr=fail – If something unexpected happens (such as being unable to open the counter file), return the corresponding PAM error code; with onerr=succeed the module would return PAM_SUCCESS instead.

By default the log is stored in /var/log/tallylog; if you want a different file location, specify file=FilePath in the policy line.

The log files are located at the paths below, but you cannot read them directly; you have to use the PAM utility:

/var/log/faillog
/var/log/tallylog
# pam_tally2 -f /var/log/tallylog
Login           Failures Latest failure     From
root                510    07/27/17 15:43:06  unknown

The output above shows that the root account has 510 failed attempts. To clear a user's failed logins, use the -r (reset) option together with -u:

# pam_tally2 -r -u root

Now check the failed login attempts again:

# pam_tally2 -u root
Login           Failures Latest failure     From
root                  0
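As an added example (not part of the original article), the following shell helpers automate the two checks discussed above: the first extracts the deny= threshold from a pam_tally2 auth line such as the one configured earlier, and the second reads pam_tally2 report output, in the format shown above, and lists the accounts whose counter is at or past that threshold. The PAM line and the report fed to them are constructed samples; the accounts alice and bob and their addresses are made up.

```shell
#!/bin/sh
# Added example, not code from the original article: audit helpers for a
# pam_tally2 lockout policy. Both functions read text from stdin, so they can
# be fed either a live command's output or the constructed samples below.

# Extract the deny= threshold from a pam_tally2 "auth" line in a PAM file.
# Prints the number, or nothing if no pam_tally2 auth line with deny= exists.
pam_tally2_deny() {
    awk '$1 == "auth" && $0 ~ /pam_tally2\.so/ {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^deny=[0-9]+$/) { sub(/^deny=/, "", $i); print $i; exit }
         }'
}

# Given pam_tally2 report output and a deny threshold, print "user count" for
# every account whose failure counter is at or above the threshold. The header
# line is skipped automatically because its second field is not a number.
pam_tally2_locked() {
    awk -v deny="$1" 'NF >= 2 && $2 ~ /^[0-9]+$/ && $2 + 0 >= deny { print $1, $2 }'
}

# Constructed sample data: the policy line recommended in the article, plus a
# counter report with one account far over, one at, and one under the threshold.
SAMPLE_PAM='auth        required      pam_tally2.so no_magic_root deny=5 onerr=fail unlock_time=1200 audit'
SAMPLE_REPORT='Login           Failures Latest failure     From
root                510    07/27/17 15:43:06  unknown
alice                 2    07/27/17 15:50:12  10.0.0.5
bob                   5    07/27/17 16:01:00  10.0.0.9'

deny=$(printf '%s\n' "$SAMPLE_PAM" | pam_tally2_deny)
printf 'deny threshold: %s\n' "$deny"
printf 'accounts at or past the threshold:\n'
printf '%s\n' "$SAMPLE_REPORT" | pam_tally2_locked "$deny"
```

On a live system the same functions take real data: `pam_tally2_deny < /etc/pam.d/sshd` reads the configured threshold, and `pam_tally2 | pam_tally2_locked 5` filters the report (run without -u, pam_tally2 lists every account with a non-zero counter). Accounts listed by the second helper are the ones to inspect and, if the failures were legitimate, reset with `pam_tally2 -r -u <user>`.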

That's all about the pam_tally2 utility and locking and unlocking user accounts.

Conclusion

Whenever you reset a Linux user's password but the user still cannot log in over SSH, check the pam_tally2 failed-attempt counter, clear it with the commands above, and try logging in again.


Ravi Kumar Ankam
