pam_tally Fails to Block Console Login and SSH Login (Doc ID 815370.1)

Last updated on MAY 21, 2015

Applies to:

Linux OS - Version: 2.6.18 and later   [Release: and later ]
Linux x86
Linux x86-64
Linux Kernel - Version: 2.6.18

Symptoms

pam_tally does not block console login or SSH login when the failure count is met. However, it works with "su" login.

No matter how many login failures occur via SSH or the console, the failure count remains zero, as shown below:
# faillog
Login       Failures Maximum Latest                   On
user            0        0   MM/DD/YY HH:MM:SS -0400  hostname

Changes

You may have migrated the configuration from EL4 to EL5.

You may have found the following error in /var/log/secure:
unknown option: no_magic_root
and then changed /etc/pam.d/system-auth as follows:
...
auth required pam_tally.so onerr=fail deny=3 unlock_time=60 magic_root
...
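
A quick check for the state described under Changes, as an added example that is not part of the Oracle note: working on saved copies of the files, it reports whether pam_tally is still rejecting any configured option and reads the recorded failure count. The function names, file names, the pre-change PAM line and the syslog prefix of the sample log line are assumptions; the option names, the changed PAM line and the faillog layout come from the note.

```shell
#!/bin/sh
# Added example, not part of the original note. All sample data is constructed.

# Options that pam_tally logged as "unknown option" in a secure-log file ($1).
rejected_tally_options() {
    sed -n '/pam_tally/s/.*unknown option: *\([^ ]*\).*/\1/p' "$1" | sort -u
}

# Options on each active (uncommented) pam_tally.so line of a PAM file ($1).
configured_tally_options() {
    awk '$1 !~ /^#/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /pam_tally\.so$/)
                for (j = i + 1; j <= NF; j++) print $j
    }' "$1" | sort -u
}

# Configured options in PAM file $1 that the log $2 shows the module rejecting.
still_rejected() {
    rejected=$(rejected_tally_options "$2")
    for opt in $(configured_tally_options "$1"); do
        if printf '%s\n' "$rejected" | grep -Fqx -- "$opt"; then
            printf '%s\n' "$opt"
        fi
    done
}

# Failure count for user $2 in saved `faillog` output ($1).
faillog_failures() {
    awk -v u="$2" '$1 == u { print $2 }' "$1"
}

# --- constructed sample data ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
# Assumed pre-change line, using the option named in the logged error.
echo 'auth required pam_tally.so onerr=fail deny=3 unlock_time=60 no_magic_root' > "$SAMPLE_DIR/system-auth.before"
# Line as shown in the note after the change.
echo 'auth required pam_tally.so onerr=fail deny=3 unlock_time=60 magic_root' > "$SAMPLE_DIR/system-auth.after"
# Constructed log line; only "unknown option: no_magic_root" is from the note.
echo 'Jan  1 00:00:00 hostname sshd[1234]: pam_tally(sshd:auth): unknown option: no_magic_root' > "$SAMPLE_DIR/secure"
printf '%s\n' 'Login       Failures Maximum Latest                   On' \
    'user            0        0   MM/DD/YY HH:MM:SS -0400  hostname' > "$SAMPLE_DIR/faillog.txt"

echo "before edit, rejected: $(still_rejected "$SAMPLE_DIR/system-auth.before" "$SAMPLE_DIR/secure")"
echo "after edit, rejected:  $(still_rejected "$SAMPLE_DIR/system-auth.after" "$SAMPLE_DIR/secure")"
echo "tally for user:        $(faillog_failures "$SAMPLE_DIR/faillog.txt" user)"
```

An empty "after edit" result together with a tally of 0 after known failed logins matches the symptom above: the option error is gone, but failures are still not being counted.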

Cause
