The wikis are now using the new authentication system.
If you did not migrate your account yet, visit

SDB:Lock user account after login fails

Şuraya atla: kullan, ara


You want to lock a user's account after he/she failed to authenticate e.g. three times.


The following desribes how you can do this, using /etc/passwd and the service SSH. In principle this is possible with each service, which uses PAM.

There is a PAM module called with which this intention can be done. Include the following lines to /etc/pam.d/sshd

 auth required onerr=fail no_magic_root
 auth required # set_secrpc
 auth required
 auth required
 account required
 account required
 account required deny=3 reset no_magic_root
 password required
 password required    use_first_pass use_authtok
 session required    none     # trace or debug
 session required

If a user fails the authentication procedure, the counter for failed attempts is increased by one. If this counter has reached three (see the deny=3 parameter), the account is locked.

The locked account can be unlocked by calling

faillog -r -a <UID>

where <UID> has to be exchanged by the real login name of the user. You can find further documentation about in the pam documentation.