
Here is my password-auth file:

```
auth        required       pam_faillock.so preauth silent deny=5 unlock_time=900
auth        required       pam_faillock.so authfail deny=5 unlock_time=900
auth        include        password-auth-ac

account     include        password-auth-ac

password    include        password-auth-ac

session     required       pam_tty_audit.so disable=* enable=root
session     optional       pam_umask.so
session     include        password-auth-ac
```

Here is my system-auth file:

```
auth        required       pam_faillock.so preauth silent deny=5 unlock_time=900
auth        required       pam_faillock.so authfail deny=5 unlock_time=900
auth        include        system-auth-ac

account     include        system-auth-ac

password    sufficient     pam_unix.so remember=5
password    include        system-auth-ac

session     required       pam_tty_audit.so disable=* enable=root
session     optional       pam_umask.so
session     include        system-auth-ac
```

I also have a user logging in with a password that locks after 5 successful logins. All logs indicate the previous logins worked, but the 5th attempt locks the account.

I have no idea where to start looking for answers.

UPDATE:

Using `faillock --user ftpweb` I have been able to identify when this error occurs. Using my default ssh options, it tallies a failed login before I enter the password. Using `-o PreferredAuthentications=password -o PubkeyAuthentication=no`, it occurs after entering the password successfully.

  • Can you post the full content of this file? – cutrightjm Dec 11 '21 at 04:03
  • @cutrightjm I have updated my post to include the file, filename and the system-auth file. – Brandon Kauffman Dec 11 '21 at 04:57
  • Disclaimer: I am bad at PAM files. However, try adding `auth sufficient pam_unix.so try_first_pass` after your second `pam_faillock.so` line. Is there any particular reason the PAM files have been modified? – cutrightjm Dec 12 '21 at 01:52
  • I can't speak on this with certainty. I believe it's just my company's policy. I'm inheriting this problem from another team that owns the server. I'm trying to dig deeper to verify that their pam config is causing the problem and not the product with the locking service account – Brandon Kauffman Dec 13 '21 at 02:58
  • Did you ever reach a resolution to this? – cutrightjm Jul 24 '22 at 17:17
  • The system admin removed pam faillock until someone else could look at it. I never heard what happened next. I had gone to bootcamp for 6 months. – Brandon Kauffman Jul 25 '22 at 13:37
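
Added example, not part of the original question or comments: a small Python check of where `pam_faillock.so authfail` sits in a PAM file, compared against the ordering documented in pam_faillock(8), to show why the posted stack can tally a failure on every login. The function names and the `DOCUMENTED` sample are constructed here; the contents of `password-auth-ac` are not shown on the page, so the check reasons only about the lines that were posted.

```python
import re

# Auth lines from the password-auth file posted in the question.
POSTED = """\
auth        required       pam_faillock.so preauth silent deny=5 unlock_time=900
auth        required       pam_faillock.so authfail deny=5 unlock_time=900
auth        include        password-auth-ac
"""

# Constructed sample: ordering from the pam_faillock(8) example, same deny/unlock_time.
DOCUMENTED = """\
auth        required       pam_faillock.so preauth silent deny=5 unlock_time=900
auth        sufficient     pam_unix.so try_first_pass
auth        [default=die]  pam_faillock.so authfail deny=5 unlock_time=900
account     required       pam_faillock.so
"""

LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Yield (type, control, module, args) for each PAM rule line."""
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            yield m.group(1), m.group(2), m.group(3), m.group(4).split()

def ends_stack_on_success(control):
    """True if a successful module with this control can stop or skip ahead."""
    return control == "sufficient" or bool(re.search(r"success=(done|\d+)", control))

def check_faillock(text):
    """Return findings about pam_faillock placement in one PAM file (heuristic)."""
    rules, findings, seen_exit = list(parse(text)), [], False
    for kind, control, module, args in rules:
        if kind != "auth":
            continue
        if module == "pam_faillock.so" and "authfail" in args and not seen_exit:
            findings.append("authfail runs on every attempt: no earlier auth "
                            "module can end the stack on success")
        elif module != "pam_faillock.so" and ends_stack_on_success(control):
            seen_exit = True
    # Tallies are cleared by an account-phase pam_faillock line or by authsucc.
    resets = any(m == "pam_faillock.so" and (k == "account" or "authsucc" in a)
                 for k, _, m, a in rules)
    if not resets:
        findings.append("no pam_faillock reset (account line or authsucc) in this file")
    return findings
```

Running `check_faillock` on the posted lines reports both findings, while the documented ordering reports none; a reset line may still exist in the included `-ac` file, which this check cannot see.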

0 Answers