pam_tally2 is installed on a DigitalOcean droplet but does not seem to be working

June 28, 2014 1.4k views

Hi, I want to lock out the root account for several minutes for a wrong password. I think the PAM package is already installed on the DigitalOcean droplet. I am told to add this:

auth required pam_tally2.so deny=3 onerr=fail lock_time=1800 
auth required pam_env.so

to nano /etc/pam.d/system-auth

However, my droplet doesn't have system-auth.

When I run /sbin/pam_tally2 I get the below, even though I can see the file:

pam_tally2: No such file or directory

Please let me know how to set up the account lockout function. Before I download and recompile PAM and risk messing up my server, I wonder if there is a tested method for solving this. Cheers.

1 Answer

Are you trying to follow a guide for CentOS on Ubuntu? On an Ubuntu system you would use:

nano /etc/pam.d/common-auth 

Running pam_tally2 will give you the error:

pam_tally2: No such file or directory

But if you pass it arguments it will show the appropriate output. For instance:

# pam_tally2 --user=root
Login           Failures Latest failure     From
root                0
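
Added example (not from the original thread and not part of PAM): a small shell lint for the pam_tally2 line discussed above, run on a constructed Ubuntu-style auth stack containing the line from the question. Option meanings follow the pam_tally2(8) man page; the function name check_tally2 and the sample stack are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a PAM auth stack (read from stdin) for pam_tally2 lockout
# settings. check_tally2 is a hypothetical helper name, not a PAM tool.
check_tally2() {
    # Drop comments and blank lines so line positions reflect the active stack.
    conf=$(grep -Ev '^[[:space:]]*(#|$)' || true)
    tally=$(printf '%s\n' "$conf" |
        grep -nE '^[[:space:]]*auth[[:space:]].*pam_tally2\.so' | head -n 1 || true)
    if [ -z "$tally" ]; then
        echo "MISSING: no active auth line loads pam_tally2.so"
        return 1
    fi
    rc=0
    # Options after the module name, tabs normalised, padded for whole-word matching.
    opts=" $(printf '%s' "${tally#*pam_tally2.so}" | tr '\t' ' ') "
    case $opts in
        *" deny="[1-9]*) ;;
        *) echo "WARN: no deny=N threshold is set"; rc=1 ;;
    esac
    # Root is exempt unless even_deny_root is set (root_unlock_time= implies it).
    case $opts in
        *" even_deny_root "*|*" root_unlock_time="*) ;;
        *) echo "WARN: root is exempt without even_deny_root"; rc=1 ;;
    esac
    # lock_time= denies for N seconds after each failure; unlock_time= is what
    # releases an account that deny= has locked.
    case $opts in
        *" unlock_time="*|*" root_unlock_time="*) ;;
        *) echo "WARN: no unlock_time=, a locked account needs a manual reset"; rc=1 ;;
    esac
    # The auth phase counts the attempt, so it has to run before pam_unix.so.
    unixl=$(printf '%s\n' "$conf" |
        grep -nE '^[[:space:]]*auth[[:space:]].*pam_unix\.so' | head -n 1 || true)
    if [ -n "$unixl" ] && [ "${tally%%:*}" -gt "${unixl%%:*}" ]; then
        echo "WARN: pam_tally2.so is listed after pam_unix.so"; rc=1
    fi
    return $rc
}

# Constructed sample: the line from the question in an Ubuntu-style auth stack.
SAMPLE_QUESTION='auth required pam_tally2.so deny=3 onerr=fail lock_time=1800
auth required pam_env.so
auth [success=1 default=ignore] pam_unix.so nullok_secure'
printf '%s\n' "$SAMPLE_QUESTION" | check_tally2 || true
```

The same function can be pointed at the live file with check_tally2 < /etc/pam.d/common-auth.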