Hello. I`m trying to set PAM to lock user account. I tried lock my user, got confirm, that user is locked.
But when I try correct password, I got logged in into system only if user is locked. What problem can be here?
Here is my [url=http://pastebin.com/Z3RiRZCS]/etc/pam.d/system-auth[/url]
pam_tally2 not lock user?
Re: pam_tally2 not lock user?
Problem solved. Need correct place for lines, pam_tally2.so line need to put after pam_env.so module.
[code]auth required pam_env.so
auth required pam_tally2.so deny=3 onerr=fail[/code]
Is there is possible to make ssh automatically understand that user is locked and do not offer password input possibilities, but show warning?
[code]auth required pam_env.so
auth required pam_tally2.so deny=3 onerr=fail[/code]
Is there is possible to make ssh automatically understand that user is locked and do not offer password input possibilities, but show warning?
Re: pam_tally2 not lock user?
AFAIK you can set ChallengeResponseAuthentication to yes in /etc/ssh/sshd_config and it will be showing following warning:
Account locked due to X failed logins
However it will keep prompting for password anyway.
Account locked due to X failed logins
However it will keep prompting for password anyway.