PAM Problem with pam_tally
Scott Ruckh
sruckh at gemneye.org
Thu May 3 06:50:32 UTC 2007
On Tue, 2007-05-01 at 19:48 -0400, Paul Whitney wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I have a problem with the tally option. I have set the max retry's to 3.
> When I type in the wrong password three times, I manage to lock out the
> account. I thought I set the lockout time to 900 seconds (15 min) and set
> the retry.
>
> Apparently the account is completely locked out and I cannot figure out how
> to unlock it.
>
> Paul
Have you tried 'pam_tally --reset'? This assumes you installed the PAM
tally utilities. You can also reset the PAM tally for an individual
user. I believe the syntax is 'pam_tally --reset -u username'. I think
running pam_tally without any parameters will list the different
options.
I am not sure if the helps your situation or not. If you believe all
the other account settings look like the account should be enabled then
resetting the tally should be a good place to start.
More information about the Pam-list
mailing list