Skip to Main Content
Forums

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

account locking

RobeenNov 15 2017 — edited Nov 16 2017

Red Hat Linux 6/7

Hi,

I have performed the steps in

2.1.9.5. Account Locking

But still account is not locked after 3 bad attempts

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html-single/security_guide/index#sect-Security_…

Please advise where I could be wrong.

system-auth:

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth        required       pam_faillock.so preauth silent audit deny=3 unlock_time=600

auth        sufficient     pam_unix.so nullok try_first_pass

auth        [default=die]  pam_faillock.so authfail audit deny=3 unlock_time=600

auth        required      pam_env.so

auth        sufficient    pam_fprintd.so

auth        requisite     pam_succeed_if.so uid >= 500 quiet

auth        sufficient    pam_krb5.so use_first_pass

auth        required      pam_deny.so

account     required      pam_faillock.so

account     required      pam_access.so

account     required      pam_unix.so broken_shadow

account     sufficient    pam_localuser.so

account     sufficient    pam_succeed_if.so uid < 500 quiet

account     [default=bad success=ok user_unknown=ignore] pam_krb5.so

account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

password    sufficient    pam_krb5.so use_authtok

password    required      pam_deny.so

session     optional      pam_keyinit.so revoke

session     required      pam_limits.so

session     optional      pam_oddjob_mkhomedir.so umask=0077

session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session     required      pam_unix.so

session     optional      pam_krb5.so

~

password-auth

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth        required       pam_faillock.so preauth silent audit deny=3 unlock_time=600

auth        sufficient     pam_unix.so nullok try_first_pass

auth        [default=die]  pam_faillock.so authfail audit deny=3 unlock_time=600

auth        required      pam_env.so

auth        requisite     pam_succeed_if.so uid >= 500 quiet

auth        sufficient    pam_krb5.so use_first_pass

auth        required      pam_deny.so

account     required      pam_access.so

account     required      pam_unix.so broken_shadow

account     sufficient    pam_localuser.so

account     required      pam_faillock.so

account     sufficient    pam_succeed_if.so uid < 500 quiet

account     [default=bad success=ok user_unknown=ignore] pam_krb5.so

account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

password    sufficient    pam_krb5.so use_authtok

password    required      pam_deny.so

session     optional      pam_keyinit.so revoke

session     required      pam_limits.so

session     optional      pam_oddjob_mkhomedir.so umask=0077

session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session     required      pam_unix.so

session     optional      pam_krb5.so

Regards,

Joe
This post has been answered by Dude! on Nov 15 2017
Jump to Answer
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Dec 14 2017
Added on Nov 15 2017
#generic-linux, #linux
8 comments
1,062 views