#1 2012-07-24 00:46:45

Anders H
Member
From: Reno, NV
Registered: 2011-07-31
Posts: 43

Lock out after 3 login attempts with new pam config [Solved].

Afternoon everyone,

I've recently finished setting up a new Arch install after rebuilding my machine and I want to lock out users after 3 login attempts. I've done this before with Arch following this guide. However, with the updates to PAM and the new config files, I don't know how to make this happen anymore.

I found a thread that has a copy of a config file that might help me accomplish the user lockout, but it is for Red Hat and I don't want to have any errors / extraneous entries in my pam config file.

My current /etc/pam.d/login file looks like this:

 
#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
account    include      system-local-login
session    include      system-local-login

What should I add to lock out users after 3 login attempts?

Edit: Issue fixed by amending /etc/pam.d/system-login, not /etc/pam.d/login.

Last edited by Anders H (2012-07-24 03:16:00)


#2 2012-07-24 01:31:59

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111

Re: Lock out after 3 login attempts with new pam config [Solved].

Make your changes to pam_tally in /etc/pam.d/system-login.


#3 2012-07-24 03:13:40

Anders H
Member
From: Reno, NV
Registered: 2011-07-31
Posts: 43

Re: Lock out after 3 login attempts with new pam config [Solved].

Thanks, I made the changes.

/etc/pam.d/system-login looks like this now:

#%PAM-1.0

#auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth
auth       required   pam_tally.so         deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    required   pam_env.so
session    include    system-auth
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard
-session   optional   pam_ck_connector.so  nox11
-session   optional   pam_systemd.so

Thanks, I'll mark this as solved.

Can someone amend the wiki?


#4 2014-12-03 10:39:29

derander
Member
Registered: 2014-12-03
Posts: 1

Re: Lock out after 3 login attempts with new pam config [Solved].

Hello!

It looks to me like it doesn't work with user "root".
Am I right or did I miss a fact?

If it doesn't work for "root", it seems useless to me to do that configuration.

Best regards
Andre
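
Added example, not part of any post in this thread: a small Python check that parses a PAM service file such as the /etc/pam.d/system-login posted in #3 and reports the pam_tally lockout settings, including whether root is covered (pam_tally leaves root out unless even_deny_root_account is given). The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: head of /etc/pam.d/system-login as posted in #3.
SAMPLE = """\
#%PAM-1.0
#auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth
auth       required   pam_tally.so         deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
account    required   pam_access.so
"""

# type, control (keyword or [bracketed] form), module, arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def tally_rules(text):
    """Return the options of each active 'auth ... pam_tally.so' line."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # ignore comments
        if not m:
            continue
        ptype, _control, module, args = m.groups()
        if ptype != "auth" or module.rsplit("/", 1)[-1] != "pam_tally.so":
            continue
        opts = {}
        for arg in args.split():
            key, _, value = arg.partition("=")
            opts[key] = value or True
        rules.append(opts)
    return rules

def audit(text):
    """Summarise the lockout policy and list what a reviewer should check."""
    rules = tally_rules(text)
    if not rules:
        return {"findings": ["no active pam_tally.so line in the auth stack"]}
    o, findings = rules[-1], []
    if "deny" not in o:
        findings.append("deny= missing: failures are counted but never block")
    if "unlock_time" not in o:
        findings.append("unlock_time= missing: lock stays until an admin resets it")
    if o.get("onerr") == "succeed":
        findings.append("onerr=succeed: module errors fail open")
    if "even_deny_root_account" not in o:
        findings.append("even_deny_root_account missing: root is never locked")
    return {"deny": o.get("deny"), "unlock_time": o.get("unlock_time"),
            "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

pam_tally denies access once the failure count exceeds deny, so deny=2 blocks from the third failed attempt onward.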
