On Monday, October 10, 2011 09:54:00 AM Steve M. Zak wrote:
> Hi,
>
> Through experimentation and per Red Hat tech support when the deny=x switch
> is set in /etc/pam.d/login as below
>
> auth required pam_tally2.so deny=5 onerr=fail
>
> the lockout happens at 5 failed attempts, but the audit trail does not
> record it until the next try.

The man page says that the account lockout occurs when the tally _exceeds_ the
deny parameter. To lock out on 5 failed attempts, use deny=4.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
