The explanation seems to be that pam_tally2 records a failed login when login command is started, even before a password is entered. Normally, the failed logins counter is reset when the user enters the correct password.
For login this works correctly when the following line is added in pam config (common-auth): auth required pam_tally2.so file=/var/log/tallylog deny=5 even_deny_root unlock_time=1200 serialize However, when using sudo, the counter only gets reset when the following line is added to pam configuration (common-account): account required pam_tally2.so So, the workaround is to add the above line in pam config. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ebd73833-aa88-41ab-93aa-530957a9c85a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
