If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
SDB:Lock user account after login fails
You want to lock a user's account after he/she failed to authenticate e.g. three times.
The following desribes how you can do this, using
/etc/passwd and the service SSH. In principle this is possible with each service, which uses PAM.
There is a PAM module called pam_tally.so with which this intention can be done. Include the following
pam_tally.so lines to
#%PAM-1.0 auth required pam_tally.so onerr=fail no_magic_root auth required pam_unix2.so # set_secrpc auth required pam_nologin.so auth required pam_env.so account required pam_unix2.so account required pam_nologin.so account required pam_tally.so deny=3 reset no_magic_root password required pam_pwcheck.so password required pam_unix2.so use_first_pass use_authtok session required pam_unix2.so none # trace or debug session required pam_limits.so
If a user fails the authentication procedure, the counter for failed attempts is increased by one. If this counter has reached three (see the deny=3 parameter), the account is locked.
The locked account can be unlocked by calling
faillog -r -a <UID>
where <UID> has to be exchanged by the real login name of the user. You can find further documentation about pam_tally.so in the pam documentation.