pam_tally Fails to Block Console Login and SSH Login
(Doc ID 815370.1)
Last updated on FEBRUARY 26, 2020
Applies to:Linux OS - Version 2.6.18 and later
Oracle Cloud Infrastructure - Version N/A and later
Linux Kernel - Version: 2.6.18
pam_tally does not block console login or SSH login when the failure count is met. However, it works with "su" login.
No matter how many failures against the login via SSH or console, the failure count remains zero, as follows:
Login Failures Maximum Latest On
user 0 0 MM/DD/YY HH:MM:SS -0400 hostname
You may have migrated the configuration from EL4 to EL5.
You may have identified the following error from /var/log/secure
and then changed /etc/pam.d/system-auth as follows:
auth required pam_tally.so onerr=fail deny=3 unlock_time=60 magic_root
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document