Configuration password-auth
#vi /etc/pam.d/password-auth
AUTH configuration line to it at beginning of the ‘auth‘ section
auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=120
Next, add the following line to ‘account‘ section.
account required pam_tally2.so
Parameters
file=/var/log/tallylog – Default log file is used to keep login counts.
deny=3 – Deny access after 3 attempts and lock down user.
even_deny_root – Policy is also apply to root user.
unlock_time=1200 – Account will be locked till 20 Min. (remove this parameters if you want to lock down permanently till manually unlock.)
------------ THE END -------------------------