修改了/etc/pam.d/common-auth如下:
#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Authentication-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth required pam_tally.so onerr=fail no_magic_root
auth required pam_env.so
auth required pam_unix2.so
account required pam_tally.so per_user deny=5 no_magic_root reset
但是faillog -a里,就算登录成功,faillog的失败数量还是会增加。
而且输对后,数量不会自动清0.
