pam_tally v.s. pam_tally2

schumi
Site Admin
Posts: 696
Joined: 2004-04-15 14:30:34

Post by schumi »

http://www.linuxmantra.com/2010/06/lock ... ly-or.html

Lock account in linux using pam_tally or pam_tally2
The pam_tally PAM module can be used to lock an account after a certain number of failed login attempts. For example, if you want to lock a user after 3 failed login attempts, configure your /etc/pam.d/system-auth file in the following way:
auth required pam_tally.so onerr=fail deny=3
(Remember to put this line above the line auth required pam_unix.so)
account required pam_tally.so reset
Now save the system-auth file and try it with some user. This worked for my RHEL 5.4 system.
But suppose you have an extended requirement to lock the user for a few seconds or minutes after invalid login attempts. You can try the pam_tally2 PAM module. In the following statement, unlock_time is 5 minutes after the account gets locked for 3 unsuccessful login attempts. Edit the /etc/pam.d/system-auth file in the following way:
auth required pam_tally2.so deny=3 unlock_time=300
To get information about when the last invalid login was attempted, you can use the following command (replace <username> with the account name):
root# pam_tally2 -u <username>
To manually unlock the account, use the following command:
root# pam_tally2 -r -u <username>
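
The placement rule in the post (the tally line must come above auth required pam_unix.so) is easy to get wrong when editing system-auth by hand. The script below is an added example, not part of the original post or the linked article: it checks that ordering and reports the deny/unlock_time values in effect. The names check_tally_order, sample_good and sample_bad are hypothetical, and the sample stacks are constructed.

```shell
#!/bin/sh
# Added example: verify that the pam_tally/pam_tally2 auth line sits above
# pam_unix.so. Function and sample names are hypothetical.
# Exit status: 0 = order OK, 1 = pam_unix.so comes first, 2 = no tally line.
check_tally_order() {
    awk '
    $1 != "auth" { next }              # only the auth stack; skips comments too
    {
        # The control field may be bracketed and contain spaces, so locate
        # the module by its .so suffix instead of assuming it is field 3.
        mod = ""
        for (i = 2; i <= NF; i++)
            if ($i ~ /\.so$/) { mod = $i; sub(/.*\//, "", mod); break }
        if (mod ~ /^pam_tally2?\.so$/ && !tally) {
            tally = NR
            for (j = i + 1; j <= NF; j++)
                if ($j ~ /^(deny|unlock_time)=/) opts = opts " " $j
        }
        if (mod == "pam_unix.so" && !unix) unix = NR
    }
    END {
        if (!tally) { print "no pam_tally/pam_tally2 auth line"; exit 2 }
        printf "tally line %d:%s\n", tally, opts
        if (unix && unix < tally) {
            print "pam_unix.so (line " unix ") runs before the tally module"
            exit 1
        }
    }' "$@"
}

# Constructed sample stacks, not copied from a real host.
sample_good() {
    printf '%s\n' \
        'auth required pam_env.so' \
        'auth required pam_tally2.so deny=3 unlock_time=300' \
        'auth sufficient pam_unix.so nullok try_first_pass' \
        'account required pam_unix.so'
}
sample_bad() {
    printf '%s\n' \
        'auth [success=1 default=ignore] pam_unix.so nullok' \
        'auth required pam_tally.so onerr=fail deny=3' \
        'account required pam_tally.so reset'
}

sample_good | check_tally_order || echo "-> status $?"
sample_bad | check_tally_order || echo "-> status $?"
```

To check a real host, pass the file as an argument: check_tally_order /etc/pam.d/system-auth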