Re: auditing account lockouts
On Monday, October 10, 2011 09:54:00 AM Steve M. Zak wrote:
Hi,
Through experimentation and per Red Hat tech support when the deny=x switch
is set in /etc/pam.d/login as below
auth required pam_tally2.so deny=5 onerr=fail
the lockout happens at 5 failed attempts, but the audit trail does not
record it until the next try.
The man page says that the account lockout occurs when the tally _exceeds_ the deny
parameter. To lockout on 5 failed attempts, use deny=4.
-Steve