Inform user of locked account

**jpeg** · 06-23-2009

Hello,

I'm on Fedora core 8 and I recently finished configuring pam to deny access after a certain number of failed login attempts.

My pam configuration works just fine (suprisingly), but when it locks the account you don't get any message that this has occured. When you try to enter the password again you get the authorization failure, but the user is never informed that the account has been locked.

Does anyone have any ideas on how to address this? I'd appreciate the help.

**vickey_20** · 06-29-2009

can you post the configuration file you have tweaked , so that we get a fair idea . form where actaully the user is being disabled and what options are available to infrom the user about account expiration.

**jpeg** · 06-30-2009

vickey_20,

Thanks for the response.

All I did was change the system-auth symlink from the /etc/pam.d/system-auth-ac file to a local config file (It had the same rules in it as the system-auth-ac). Then I added the blocking rule:

Code:

auth  required  pam_tally.so  onerr=fail  file=/var/log/faillog  audit  deny=3  per_user

So the blocking is being done by the pam_tally module.

**vickey_20** · 07-01-2009

sorry friend but I don't know much about this module but anyway here's a good link that will surely help you 6.32.pam_tally - login counter (tallying) module

Thread Tools

Display

Inform user of locked account

Posting Permissions