I’ve had this come up a few times. Exadata is configured to require big passwords, that expire AND will lock you out after 5 failed login attempts… which happen often after password changes. What’s an admin to do?
Check the logs:
And the output looks something like:
Login Failures Maximum Latest On root 0 0 01/01/70 00:00:00 +0000 ... grid 0 0 01/01/70 00:00:00 +0000 oracle 0 0 01/01/70 00:00:00 +0000
Huh? I guess we’re not using faillog anymore … it’s time for pam_tally2
grep tally /etc/pam.d/* /etc/pam.d/login:auth required pam_tally2.so deny=5 onerr=fail /etc/pam.d/login:account required pam_tally.so /etc/pam.d/sshd:auth required pam_tally2.so deny=5 onerr=fail /etc/pam.d/sshd:account required pam_tally.so
I see. What’s an admin to do? Read the man page and then…
pam_tally2 -u oracle Login Failures Latest failure From oracle 15 06/05/12 22:42:13 10.10.2.9 pam_tally2 --reset -u oracle