pam_tally2 Authentication issues

The other day I was trying to log in with a newly created user in CentOS Linux with the United States Government Configuration Baseline (USGCB) security settings applied. The USGCB requires password policies to be enforced (like denying login after 5 failed attempts). However, the login screen does not indicate why I was unable to log in, other than just saying an invalid user name or password. This made understanding the problem a bit difficult. I then consulted the authentication logs found at:

/var/log/secure

I found the last few lines indicating a problem with excessive failed logins (sorry, I do not have the exact error available), and the PAM module pam_tally2 was to blame. You can discover if this is your issue too by issuing the command:

This will list the lines with pam_tally2 messages. Look for an error indicating excessive failed logins.

You can then clear the login count (after verifying that there are no security issues with the account) by issuing the following command:

Where USERNAME is the logon name of the user that needs his/her failed logon count reset. If you want to view the failed logon counts of the users on your system, issue the following command:
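
An added example (not from the original post) of the three steps above, using grep on /var/log/secure and the pam_tally2 utility's --user and --reset options. The function names, the script layout and the sample log lines are constructed for illustration, and the log message layout is an assumption to compare against your own log.

```shell
#!/bin/sh
# Added example: triage a pam_tally2 lockout. Not from the original post.
SECURE_LOG="${SECURE_LOG:-/var/log/secure}"   # log path named in the post

# Write constructed sample log lines to the file given as $1 (offline testing).
# The message layout is an assumption; compare with your own /var/log/secure.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 09:15:02 host1 sshd[2101]: pam_tally2(sshd:auth): user alice (1001) tally 6, deny 5
Jan 10 09:15:09 host1 sshd[2101]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 09:15:40 host1 sshd[2107]: pam_tally2(sshd:auth): user alice (1001) tally 7, deny 5
EOF
}

# 1. List the pam_tally2 messages in the auth log (or in the file given as $1).
tally_log_lines() {
    grep 'pam_tally2' "${1:-$SECURE_LOG}"
}

# Count pam_tally2 messages per account (relies on the assumed layout above).
tally_users_in_log() {
    tally_log_lines "$1" |
        sed -n 's/.*pam_tally2([^)]*): user \([^ ]*\) .*/\1/p' | sort | uniq -c
}

# 2. Show failure counters: one account if a name is given, otherwise all.
show_tally() {
    if [ -n "${1:-}" ]; then pam_tally2 --user "$1"; else pam_tally2; fi
}

# 3. Reset one account's counter. Refuse an empty name so the reset stays
#    scoped to a single account, and print the counter first for review.
reset_tally() {
    [ -n "${1:-}" ] || { echo "usage: reset_tally USERNAME" >&2; return 1; }
    pam_tally2 --user "$1" && pam_tally2 --user "$1" --reset
}

# Run as root: ./tally.sh log | show [USERNAME] | reset USERNAME
case "${1:-}" in
    log)   tally_users_in_log ;;
    show)  show_tally "${2:-}" ;;
    reset) reset_tally "${2:-}" ;;
esac
```

Printing the counter before the reset shows the failure count and the source of the latest failure, which is the information needed to verify the account before clearing it.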

Special thanks to the (uN)Tech blog for this information: http://telinit0.blogspot.com/2009/12/pamtally2-lock-account-after-failed.html
