Setting a Lock-out Policy

Setting a lock out policy in CentOS or Fedora is very easy.

  1. edit /etc/pam.d/system-auth

auth required onerr=fail no_magic_root
account required deny=3 unlock_time=3600 no_magic_root reset

onerr=fail if there is a problem opening the file for some reason fail login
no_magic_root this means if the module is called with a uid=0 then the counter is incremented, this is for launching services
deny=3 lockout will occur if the user exceeds 3 logins
reset means if the sign in correctly then the account will be reset
unlock_time=3600 number of seconds before unlock

This entry was posted in CentOS, Fedora, Linux and tagged , . Bookmark the permalink.

Leave a Reply