Results 1 to 1 of 1
Thread: pam_tally2 prevent lockout
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Jun 2007
pam_tally2 prevent lockout
I am trying to harden a production system running rhel 5.4
My problem is with pam_tally2.I want pam_tally2 to lockout almos all users
after 3 failled attempts,i can do that easilly with deny=3.My problem
is that for some users or for a specific group i want pam_tally2 not to lock
their accounts not matter how many attempts they trie,to prevent a denial
of service attack.Any idea on how to do this,
p.s seems that the per_user option is not working as expected,meaning
that even if i setup a faillog -m 0 username pam_tally2 overwrites that
every time i login with m=3 for all users,perhaps i am missing something here.