步骤:
1 备份相应的配置文件
[root@redhat pam.d]# cp system-auth system-auth.bak(备份文件)
2 将配置文件system-auth,修改后内容如下所示:
[root@redhat pam.d]# more system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_unix.so nullok try_first_pass (将原来的sufficient 改为required)
#auth requisite pam_succeed_if.so uid >= 500 quiet (注释掉此行)
#auth required pam_deny.so (注释掉此行)
auth required pam_tally2.so deny=5 onerr=fail (增加的一行)
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
account required pam_tally2.so (增加的一行)
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
3 验证我们的配置
使用用户123(普通用户)进行多次尝试登录。察看相应的结果。(输入的错误的密码)
同时我们也可以察看相应的日志文件
[root@redhat pam.d]# cat /var/log/secure | grep 123
4 解锁用户
[root@redhat pam.d]# /sbin/pam_tally2 --user 123 --reset
Login Failures Latest failure From
123 6 05/19/11 02:55:30 tty1 (呵呵,共失败了6次)
转载于:https://blog.51cto.com/297020555/574570