I’ve had this come up a few times. Exadata is configured to require big passwords that expire AND to lock you out after 5 failed login attempts… which happen often after password changes. What’s an admin to do?
Check the logs:
/usr/bin/faillog
And the output looks something like:
Login       Failures Maximum Latest                   On
root            0        0   01/01/70 00:00:00 +0000
...
grid            0        0   01/01/70 00:00:00 +0000
oracle          0        0   01/01/70 00:00:00 +0000
Huh? I guess we’re not using faillog anymore… it’s time for pam_tally2:
grep tally /etc/pam.d/*
/etc/pam.d/login:auth required pam_tally2.so deny=5 onerr=fail
/etc/pam.d/login:account required pam_tally.so
/etc/pam.d/sshd:auth required pam_tally2.so deny=5 onerr=fail
/etc/pam.d/sshd:account required pam_tally.so
I see. What’s an admin to do? Read the man page and then…
pam_tally2 -u oracle
Login           Failures Latest failure     From
oracle             15    06/05/12 22:42:13  10.10.2.9
pam_tally2 --reset -u oracle
All better.
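Before resetting, it helps to see every account that has hit the limit and where the failures came from, since a stale password in a job on a known host looks different from guesses arriving from an unfamiliar address. The script below is an added example, not part of the original post: the function names and sample data are constructed, and it assumes an account whose counter has reached the deny value will be refused on its next attempt.

```shell
#!/bin/sh
# Added example: triage pam_tally2 counters before running --reset.
# Real use (as root):
#   deny=$(grep tally /etc/pam.d/sshd | deny_threshold)
#   pam_tally2 | locked_accounts "$deny"

# Constructed sample of `grep tally /etc/pam.d/*` output (same shape as above).
sample_pam='/etc/pam.d/login:auth required pam_tally2.so deny=5 onerr=fail
/etc/pam.d/sshd:auth required pam_tally2.so deny=5 onerr=fail'

# Constructed sample of `pam_tally2` output (no -u lists all non-zero counters).
sample_tally='Login           Failures Latest failure     From
oracle             15    06/05/12 22:42:13  10.10.2.9
grid                2    06/05/12 21:10:02  10.10.2.9
root                5    06/05/12 22:40:00  tty1'

# Print the deny=N value from the first pam_tally2.so line on stdin.
deny_threshold() {
    grep 'pam_tally2\.so' | grep -o 'deny=[0-9][0-9]*' | head -n 1 | cut -d= -f2
}

# Print "user failures source" for each account whose counter has reached
# the threshold given as $1. A row with no From value gets "-" as its source.
locked_accounts() {
    awk -v deny="$1" 'NR > 1 && $2 + 0 >= deny + 0 {
        print $1, $2, (NF >= 5 ? $5 : "-")
    }'
}

deny=$(printf '%s\n' "$sample_pam" | deny_threshold)
printf '%s\n' "$sample_tally" | locked_accounts "$deny"
```

Reset only the accounts whose source you recognise, one at a time, with pam_tally2 --reset -u as shown above.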