On Tue, Apr 20, 2010 at 08:26:18PM +0100, Tom Brown wrote: > Hi > > I am trying to lock users after 3 attempts and then set the timeout > before they can log in again. > I thought i could achieve this with > > auth required pam_tally.so deny=3 unlock_time=600 > > in /etc/pam.d/system-auth but it seems to not be the case - I cant > find a working config for this anywhere and i wonder if anyone has one > they can share? > > thanks I'm not familiar with this module, but it looks like there's a userspace tool 'pam_tally' which you could use to query the tally files. Might be worth confirming that the login failures and such are even being tracked correctly. Any errors in your logs? A brief perusal of the man page seems to indicate that your syntax is correct... Ray