I am trying to implement account lockout for Ubuntu systems using pam_tally. The login should be disabled for certain interval on 3 invalid login attempts. This should happen for both system and LDAP logins to the system.
(We have a working LDAP central authentication system where users from Ubuntu clients can authenticate)
How can we configure this ? I could see some articles on this for redhat but not ubuntu
Best Answer
If you have
pam_tally
configured already, you just need to add it to your /etc/pam.d/common-auth directory. Failed logins from LDAP should appear--to PAM--as the same as failed logins against your local machine. So just make sure you get the ordering correct:(Adapt paths as necessary)
(source)