Question

pam_tally2 is installed on digital ocean droplet but does not seem to be working

Posted June 28, 2014 3.3k views

Hi I want to lockout the root account for several minutes for wrong password. I think PAM package is already installed on Digital Ocean droplet. I am told to add this

auth required pam_tally2.so deny=3 onerr=fail lock_time=1800 
auth required pam_env.so

to nano /etc/pam.d/system-auth

However my droplet don’t have system-auth

when I run /sbin/pam_tally2 I get the below even though I can see the file

pam_tally2: No such file or directory

Please me know how to setup the account lockout function. Before I download and recompile PAM and risk messing up my server I wonder if there is a tested method on solving this. cheers.

Add a comment
robertlam18
By:
robertlam18

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
asb June 30, 2014

Are you trying to follow a guide for CentOS on Ubuntu? On an Ubuntu system you would use:

nano /etc/pam.d/common-auth

Running pam_tally2 will give you the error:

pam_tally2: No such file or directory

But if you pass it arguments it will show the appropriate output. For instance:

# pam_tally2 --user=root
Login           Failures Latest failure     From
root                0
Reply Report

Looking for something else?

Ask a new question Search for more help