Pam_Tally2 User Lockouts. (Kaydo)

Peter Shulkin pshulkin at demoulasmarketbasket.com
Thu Jun 17 18:02:25 UTC 2010 

Date: Wed, 16 Jun 2010 13:00:07 -0500
From: "Kaydo" <kaydo at rice.edu>
To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
Subject: RE: Pam_Tally2 User Lockouts. (Kaydo)
Message-ID: <69A317DF835840E0A6DC156A15EB249D at adminsystems.rice.edu>
Content-Type: text/plain;	charset="US-ASCII"

>Thank you for the response Peter but faillog is for the pam_tally
module >and not pam_tally2.  

 
>- Kaydo


The pam_tally2 utility can be used to unlock user accounts as follows:
# /sbin/pam_tally2 --user username --reset

Without the reset, it lists the failures.

/sbin/pam_tally2 --user fubar
Login           Failures Latest failure     From
fubar            0    

Peter
-----Original Message-----
From: Peter Shulkin 
Sent: Wednesday, June 16, 2010 1:19 PM
To: 'redhat-list at redhat.com'
Subject: RE: Pam_Tally2 User Lockouts. (Kaydo)

----------------------------------------------------------------------

Message: 1
Date: Tue, 15 Jun 2010 15:15:59 -0500
From: "Kaydo" <kaydo at rice.edu>
To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
Subject: Pam_Tally2 User Lockouts.
Message-ID: <FE71C7ADF9DF4916A0784165E03F187E at adminsystems.rice.edu>
Content-Type: text/plain;	charset="US-ASCII"

>Hi,

>I've configured user lockouts using the pam_tally2 module but I have a
>question.  Is there a command that I can run that will tell me whether
a
>user's account is locked out from this module or not?  If I run passwd
-S
><user> it doesn't say that the account is locked, I'm thinking this
only
>works if the account was locked using usermod -L.  I know I can use
>pam_tally2 command to see the failed login counts, but it would be
great if
>there were a command that would directly tell me if a user was locked
out
>due to this module.  Anybody know of such a command?

>Thanks guys,

Of course, you know about the faillog program.  Faillog -u userid tells
you if that userid is locked out, and faillog -u userid -r resets the
account.  Check the man pages for more info.

Peter
________________________________________________

>Kenrick Bramble, Systems Manager

>Administrative Systems Dept | 713-348-8645 |  <mailto:kaydo at rice.edu>
>kaydo at rice.edu Rice University | 6100 Main Street | Houston, TX 77005 

>"Never seem more learned than the people you are with. Wear your
learning >like a pocket watch and keep it hidden. Do not pull it out to
count the >hours, but give the time when you are asked."

 

>-- Lord Chesterfield

More information about the redhat-list mailing list