Hi,

 

Through experimentation and per Red Hat tech support, when the deny=x switch is set in /etc/pam.d/login as below

auth       required     pam_tally2.so deny=5 onerr=fail

the lockout happens at 5 failed attempts, but the audit trail does not record it until the next try.

Does the audit system provide a way to show that the lockout has occurred when the deny number is reached?  Ideally this would be some system log that uses a variation of “Account locked”

Thanks!

 

____________________________________________

Steve M. Zak,
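
Added example (not part of the original message, and not Red Hat's or pam_tally2's own code): one way to derive an "account locked" event at the moment the deny count is reached, by counting failed authentication records per account in the audit trail. The log lines are constructed samples in the style of USER_AUTH records, and the function name and the reset-on-success rule are assumptions; the authoritative counter remains the one pam_tally2 keeps.

```python
import re

# Matches the timestamp, account and result of a USER_AUTH audit record.
# acct may or may not be quoted depending on the audit version.
REC = re.compile(
    r'type=USER_AUTH msg=audit\((?P<ts>\d+\.\d+):\d+\).*?'
    r'acct="?(?P<acct>[^"\s:]+)"?.*?res=(?P<res>\w+)'
)

def _rec(serial, ts, acct, res):
    """Build one constructed sample line (not a real log entry)."""
    return ("type=USER_AUTH msg=audit(%s:%d): user pid=2301 uid=0 "
            "auid=4294967295 msg='PAM: authentication acct=\"%s\" : "
            "exe=\"/bin/login\" (hostname=?, addr=?, terminal=tty1 res=%s)'"
            % (ts, serial, acct, res))

# Constructed sample: alice fails six times, bob fails, succeeds, fails again.
_EVENTS = [
    ("1262304000.000", "alice", "failed"), ("1262304001.000", "alice", "failed"),
    ("1262304002.000", "bob", "failed"),   ("1262304003.000", "alice", "failed"),
    ("1262304004.000", "bob", "failed"),   ("1262304005.000", "bob", "success"),
    ("1262304006.000", "alice", "failed"), ("1262304007.000", "alice", "failed"),
    ("1262304008.000", "alice", "failed"), ("1262304009.000", "bob", "failed"),
]
SAMPLE = [_rec(i, ts, acct, res) for i, (ts, acct, res) in enumerate(_EVENTS)]

def lockout_points(lines, deny=5):
    """Return [(acct, timestamp)] for the record where failures reach `deny`.

    Assumption: a successful authentication resets the account's tally.
    Each account is reported once, on the attempt that hits the threshold,
    not on the following attempt.
    """
    counts, locked = {}, []
    for line in lines:
        m = REC.search(line)
        if not m:
            continue  # not an authentication record
        acct = m.group("acct")
        if m.group("res") == "success":
            counts[acct] = 0
            continue
        counts[acct] = counts.get(acct, 0) + 1
        if counts[acct] == deny:
            locked.append((acct, float(m.group("ts"))))
    return locked

if __name__ == "__main__":
    for acct, ts in lockout_points(SAMPLE, deny=5):
        print("Account locked: %s at audit time %.3f" % (acct, ts))
```

Run against real records, the `deny` argument has to match the value in the pam_tally2 line, and a manual reset of the tally will not be visible to this count.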

 
