This configuration enables the pam_tally module with specific parameters:
per_user: Counts failed login attempts per user.
unlock_time=600: Sets the account lockout time to 600 seconds (10 minutes).
onerr=succeed: Continues authentication if an error occurs.
audit deny=5: Logs an audit message after 5 failed login attempts.
when using the lightdm-gtk-greeter login screen, if there are 5 consecutive failed login attempts, the account will be locked. Additionally, pressing the Tab key or clicking on the password field (without entering a password) will also increment the failed login count.
you can add the following line to the /etc/pam.d/common-auth file:
auth required pam_tally.so per_user unlock_time=600 onerr=succeed audit deny=5
This configuration enables the pam_tally module with specific parameters:
when using the lightdm-gtk-greeter login screen, if there are 5 consecutive failed login attempts, the account will be locked. Additionally, pressing the Tab key or clicking on the password field (without entering a password) will also increment the failed login count.