Description of problem: The pam_tally module didn't know lock_time and unlock_time arguments Version-Release number of selected component (if applicable): pam-0.75-62 RHEL 3 Update 6 How reproducible: Add the two following lines into the file /etc/pam.d/system_auth auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root account required /lib/security/$ISA/pam_tally.so onerr=fail deny=3 no_magic_root lock_time=15 unlock_time=1800 Steps to Reproduce: 1. Add the pam_tally configuration (see above) into the /etc/pam.d/system_auth/system-auth file 2. Try to do some login with a false password. 3. Watch the logs Actual results: The syslog displays: pam_tally: unknow option; unlock_time=1800 pam_tally: unknow option; lock_time=15 Expected results: User should be locked after 3 failled login, and unlocked after waiting 1800 seconds (30 minutes) Additional info: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_tally.html
This problem will be resolved in a future major release of Red Hat Enterprise Linux. Red Hat does not currently plan to provide a resolution for this in a Red Hat Enterprise Linux update for currently deployed systems. With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating changes for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects.