[solved] pam_tally2 not locking with graphical login
Posted: 2020/03/23 17:55:50
Hello. I am taking a Linux Security class in school, and we are using "Mastering Linux Security and Hardening" by Donald Tevault as our text. The book has us create a CentOS 7 VM to use for the labs, and instructs us to install with GNOME or KDE desktop environments. I installed with GNOME.
In chapter 2 of the book, for one of the labs, it has us configure it to lock the user account after 5 failed login attempts by adding the following line to /etc/pam.d/login:
auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200
We are then to try to log in as one of the users we have created, using bad passwords to initiate the account lock. We then log in as our own user and check for output using the following command:
sudo pam_tally2
I attempted to log in with bad passwords in the graphical login screen, but after 4 attempts, it just puts me back to the screen with the list of users, and does not give me a message about the account being locked. I attempted the login 10 times, then logged in with my own account. Running the command did not provide any output.
I switched to tty2, and tried the experiment again from the console, and the account was successfully locked. I also was able to get output from the command and also unlock the account, so I was able to finish my lab for class.
But I don't understand why it wouldn't work with the graphical login. I thought maybe it was GDM, so I installed and enabled SDDM, but got the same result. Does anyone have any insight into why that would be? And if so, can you explain it to me? I was able to finish the lab for my class, but I really do enjoy learning everything I can about Linux, and my curiosity is burning.
Thank you for any help you can provide.
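PAM stacks are selected per service file, so a line added to /etc/pam.d/login only applies to programs that authenticate through the login service. The script below is an added example, not part of the original post: it resolves each service's auth stack (following include/substack lines) and lists the services that never call a given module. The gdm-password, system-auth and password-auth files and their contents are constructed, simplified assumptions; only the pam_tally2 line comes from the post.

```python
import os
import tempfile

# Constructed sample files. Only the pam_tally2 line is the poster's; the other
# service names and stacks are assumed, simplified stand-ins for a desktop install.
SAMPLE = {
    "login": "auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200\n"
             "auth include system-auth\n",
    "gdm-password": "auth [success=done ignore=ignore default=bad] pam_selinux_permit.so\n"
                    "auth substack password-auth\n",
    "system-auth": "auth required pam_env.so\nauth sufficient pam_unix.so\n",
    "password-auth": "auth required pam_env.so\nauth sufficient pam_unix.so\n",
}

def write_sample():
    """Write SAMPLE into a fresh temporary directory and return its path."""
    pam_dir = tempfile.mkdtemp(prefix="pamd-")
    for name, text in SAMPLE.items():
        with open(os.path.join(pam_dir, name), "w") as fh:
            fh.write(text)
    return pam_dir

def auth_modules(pam_dir, service, chain=()):
    """Modules in a service's auth stack, following include/substack lines."""
    path = os.path.join(pam_dir, service)
    if service in chain or not os.path.isfile(path):  # cycle or missing file
        return []
    found = []
    with open(path) as fh:
        for line in fh:
            f = line.split("#", 1)[0].split()
            if len(f) < 3 or f[0].lstrip("-") != "auth":
                continue
            if f[1] in ("include", "substack"):
                found += auth_modules(pam_dir, f[2], chain + (service,))
                continue
            i = 1  # a bracketed control like [success=1 default=ignore] spans fields
            while f[1].startswith("[") and not f[i].endswith("]") and i < len(f) - 1:
                i += 1
            if i + 1 < len(f):
                found.append(os.path.basename(f[i + 1]))
    return found

def services_missing(pam_dir, module):
    """Service files whose resolved auth stack never calls `module`."""
    return sorted(s for s in os.listdir(pam_dir)
                  if module not in auth_modules(pam_dir, s))

if __name__ == "__main__":
    print(services_missing(write_sample(), "pam_tally2.so"))
```

To audit a real host, pass /etc/pam.d instead of the sample directory; any display-manager service in the output is a login path the lockout rule does not cover.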