The explanation seems to be that pam_tally2 records a failed login when
login command is started, even before a password is entered. Normally, the
failed logins counter is reset when the user enters the correct password.
For login this works correctly when the following line is added in pam
auth required pam_tally2.so file=/var/log/tallylog deny=5 even_deny_root
However, when using sudo, the counter only gets reset when the following
line is added to pam configuration (common-account):
account required pam_tally2.so
So, the workaround is to add the above line in pam config.
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.