One of the users can't log in to the system, even after you have reset the password. Looking at the shadow file, the account is not locked.
[root@stpdb log]# grep abc /etc/shadow
abc:$1$.6KFA6pB$Z7AgIDAF3nvMh0LX.lTPh.:16870:0:99999:14:7::
[root@stpdb log]# chage -l abc
Minimum: 0
Maximum: 99999
Warning: 14
Inactive: 7
Last Change: Mar 10, 2016
Password Expires: Never
Password Inactive: Never
Account Expires: Never
Then you find this:
[root@stpdb pam.d]# grep -i pam_tally /var/log/messages
Mar 10 17:46:33 stpdb pam_tally[4865]: user afiza (786) tally 20, deny 5
..
[root@stpdb pam.d]# grep -i abc /var/log/secure
Mar 10 17:40:15 stpdb sshd[4648]: Failed password for abc from 172.20.42.249 port 3034 ssh2
Mar 10 17:40:15 stpdb sshd[4648]: Failed none for abc from 172.20.42.249 port 3034 ssh2
Mar 10 17:40:15 stpdb sshd[4648]: Failed keyboard-interactive for abc from 172.20.42.249 port 3034 ssh2
..
[root@stpdb log]# faillog
Username   Failures  Maximum  Latest
root             64        0  Thu Apr 24 20:26:06 +0800 2014 on 172.30.5.10
abc              20        0  Thu Mar 10 19:16:15 +0800 2016 on 172.30.4.38
[root@stpdb pam.d]# grep pam_tally /etc/pam.d/system-auth
auth required /lib/security/pam_tally.so no_magic_root
account required /lib/security/pam_tally.so deny=5 reset no_magic_root
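In this case, the user has been locked out because of the "deny 5" setting: the failure count that pam_tally keeps for the user is higher than the limit, so logins are refused even with the correct password. You can confirm this with the "faillog" command. To reset the user's failure count, use the command below: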
[root@stpdb log]# pam_tally --user=afiza --reset
[root@stpdb log]# faillog
Username   Failures  Maximum  Latest
root             64        0  Thu Apr 24 20:26:06 +0800 2014 on 172.30.5.10
abc               0        0  Thu Mar 10 19:16:15 +0800 2016 on 172.30.4.38
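The check above can be scripted. The following is an added example, not part of the original post: it reads the deny limit from the pam_tally lines and lists the accounts whose faillog count exceeds it. The function names are hypothetical, the sample data is constructed from the output shown above (the "demo" row is made up), and root is skipped on the assumption that even_deny_root_account is not set.

```shell
#!/bin/bash
# Added example. Function names are hypothetical; sample data is constructed
# from the output shown in this post (the "demo" row is made up).

sample_pam() {      # the pam_tally lines from /etc/pam.d/system-auth
cat <<'EOF'
auth required /lib/security/pam_tally.so no_magic_root
account required /lib/security/pam_tally.so deny=5 reset no_magic_root
EOF
}

sample_faillog() {  # faillog output, one account per line
cat <<'EOF'
Username Failures Maximum Latest
root 64 0 Thu Apr 24 20:26:06 +0800 2014 on 172.30.5.10
abc 20 0 Thu Mar 10 19:16:15 +0800 2016 on 172.30.4.38
demo 3 0 Thu Mar 10 09:00:00 +0800 2016 on 172.30.4.40
EOF
}

# Read a PAM config on stdin, print the N of the first deny=N on a pam_tally line.
tally_deny_limit() {
    awk '$3 ~ /pam_tally\.so$/ {
        for (i = 4; i <= NF; i++)
            if ($i ~ /^deny=[0-9]+$/) { sub(/^deny=/, "", $i); print $i; exit }
    }'
}

# Read faillog output on stdin, print "user failures" for accounts whose count
# exceeds the limit in $1. root is skipped: assumption that
# even_deny_root_account is not set, as in the config above.
locked_by_tally() {
    awk -v deny="$1" 'NR > 1 && $1 != "root" && $2 ~ /^[0-9]+$/ && $2 + 0 > deny + 0 {
        print $1, $2
    }'
}

report() {
    limit=$(sample_pam | tally_deny_limit)
    sample_faillog | locked_by_tally "$limit" | while read -r user count; do
        echo "$user: $count failures > deny=$limit; reset with: pam_tally --user=$user --reset"
    done
}

report
```

On a live system, feed the functions real input instead of the samples: tally_deny_limit < /etc/pam.d/system-auth, and faillog -a | locked_by_tally 5.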