Simple but Useful Linux Tip
Thanks to Vinytips for sharing this simple but Useful Linux login settings for to Lock User Accounts After Failed Login.Mostly this sort of tips help an admin to restrict Linux login attempsts after wrong passwords are given as input.
- Open /etc/pam.d/system-auth file.
- Now write these lines just above the line stating auth sufficient pam_unix.so:
auth required pam_tally2.so onerr=fail deny=3
account required pam_tally2.so reset
Then save and exit. Now the account will be locked after three failed login attempts.
There are various other options you can use like-
unlock_time=100 will unlock the account after 100 seconds. You can use any value for unlock_time field. If you don’t use this parameter then you’ll have to manually unlock a locked account using pam_tally2 -r -u username command.
lock_time=100 will lock the account for 100 seconds after failed attempts to login.
no_magic_root will avoid locking root account.
For more look for man auth or account commands ….