There are many places where you can restrict user login. Linux is also the same. When you fail to log in multiple times, you can restrict user login, thus protecting the security of the computer. It can be realized by PAM module. Let's get together to understand.
Linux has a PAM module of pam_tally2.so to limit the number of login failures for users. If the number of times reaches the set threshold, the user is locked.
Compiling PAM configuration files # vim /etc/pam.d/login
#%PAM-1.0
auth required pam_tally2.so deny=3 lock_time=300 even_deny_root Root_unlock_time=10
auth [user_unknown=ignore success=ok ignoreignore=ignore default=bad] pam_securetty.so
auth include system-auth
account required pam_nologin.so< Br>
account include system-auth
password include system-auth
#pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include system-auth
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
Explanation of parameters
even_deny_root is also restricted Root user;
deny sets the maximum number of consecutive incorrect logins for normal users and root users. If the maximum number of times exceeds the maximum number, the user is locked.
unlock_time Sets the amount of time after the normal user locks, and the unit is seconds; >
root_unlock_time Sets the amount of time after the root user is locked, in seconds;
The pam_tally2 module is used here. If pam_tally2 is not supported, the pam_tally module can be used. In addition, different pam versions, settings may be different, specific methods of use, you can refer to the rules of use of the relevant modules.
Under #%PAM-1.0, the second line, add content, must be written in front, if written in the back, although the user is locked, but as long as the user enters the correct password, you can still log in of!
Previous12Next Total 2 Pages
After installing Ubuntu system in the notebook, there are problems such as fast power consumption, w
Users in the Linux system found that the iptables could not be started in the linode, and the follow
Tmux is a terminal-use software that can open multiple terminals remotely and has m
UTF-8 is a variable-length character Unicode code for Linux systems that supports m
Steps to turn off root remote login on AIX
Debian install closed source package method
Linux system iPtraf installation and use method
Linux using shell scripts to measure high-speed network traffic
Linux grub2 startup failure solution
Crunchbang system restores Openbox default configuration method
Linux tips for modifying tab widths
Linux beginners need to understand the Bash command operation skills to share
Detailed method for automatic backup and deletion of website data under Linux
Introduction to the usr directory in Linux
Win7 open notepad appears garbled solution summary
How does Win10 set up headphones and audio at the same time?
[Download] Microsoft Win10 Remote Desktop Preview 10.0.0.808 Download
How does Windows 8 open a command prompt?
Win8.1 system application store 0X80246007 error solution
How to use Win10's own anti-virus tool
WinXP SP2: IE Add-on Management
Several reasons and solutions for decomposing the blue screen of xp system