login issue after pam configuration

Hi,

 

I have implemented
2.1.9.5. Account Locking

 The /etc/pam.d/system-auth-local file should contain the following lines:

auth        required       pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth        include        system-auth-ac
auth        [default=die]  pam_faillock.so authfail silent audit deny=3 unlock_time=600

account     required       pam_faillock.so
account     include        system-auth-ac

password    include        system-auth-ac

session     include        system-auth-ac


 The /etc/pam.d/password-auth-local file should contain the following lines:

auth        required       pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth        include        password-auth-ac
auth        [default=die]  pam_faillock.so authfail silent audit deny=3 unlock_time=600

account     required       pam_faillock.so
account     include        password-auth-ac

password    include        system-auth-ac

session     include        system-auth-ac

 

 

The issue is now I cannot login into the server.

Can you please guide me whether it is possible to recover the login(reboot with Linux CD)

Regards,

Roshan

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html-single/security_guide/index#sect-Security_Guide-Workstation_Security-Administrative_Controls

You didn't use even_deny_root option, so you should at least be able to login with root.
What error are you getting? (when you try to login with root)

Also, you should do the symbolic links documented in SECURITY GUIDE.Yo probably did something wrong in this security conf and locked all the users including root..

As for changing the lost root password, you can use "single user mode"..

LOGIN1.PNG
LOGIN2.PNG

Okay..
You can not connect to the server right?
In any ways? (using an already open VNC maybe?)

If you cant, then there is nothing to do..
recoverf your root password using single user mode and disable this security thing in single user mode.
Then reboot.
After that, try to implement this security thing.. But this time by knowing what you do.. Carefully.

Thanks a lot for support.

In fact I was trying to test lock account after 3 unsuccessful attempt.

With root also it did not work.

I start the system in rescue mode using the install or boot DVD, or ISO and managed to undo all the changes.

Rescue Installed System

Local CD/DVD

Shell Start Shell

chroot /mnt/sysimage

Thanks

Good.