Can’t Login to Exadata

I’ve had this come up a few times. Exadata is configured to require big passwords, that expire AND will lock you out after 5 failed login attempts… which happen often after password changes. What’s an admin to do?

Check the logs:

/usr/bin/faillog

And the output looks something like:

Login Failures Maximum Latest On
root 0 0 01/01/70 00:00:00 +0000
...
grid 0 0 01/01/70 00:00:00 +0000
oracle 0 0 01/01/70 00:00:00 +0000

Huh? I guess we’re not using faillog anymore … it’s time for pam_tally2

grep tally /etc/pam.d/*
/etc/pam.d/login:auth required pam_tally2.so deny=5 onerr=fail
/etc/pam.d/login:account required pam_tally.so
/etc/pam.d/sshd:auth required pam_tally2.so deny=5 onerr=fail
/etc/pam.d/sshd:account required pam_tally.so

I see. What’s an admin to do? Read the man page and then…

pam_tally2 -u oracle
Login Failures Latest failure From
oracle 15 06/05/12 22:42:13 10.10.2.9
pam_tally2 --reset -u oracle

All better.

George Robinson has been taming technology since 1981. His first bitter taste of UNIX was in 1987 with Xenix 2.1.1. George's youth was spent in building electronics and writing programs to post on the local BBS. In high school, he became involved in student radio and was hired by the top station in the market. After high school, he spent two years traveling the western United States and Canada with REACH Youth Ministries. George double majored in Psychology and Music Theory at Rocky Mountain College in Billings, Montana. During college, the Internet wave hit Montana and his hobby became highly in-demand skills. George finally went pro in 1998 and has been trying to automate himself out of a job ever since. He rode the Internet boom to Orange county. Making the most of his diverse experience, he pursues a career in systems administration and DevOps. He has had roles in numerous startups and has been a systems administrator in enterprises like Verizon Wireless, Yahoo, Nestlé & Fico.