Friday, August 19, 2011

Lock account in Linux

To lock a user account in Linux, the following command can be used:

root# passwd -l <username>

For example

root# passwd -l user1

This command locks user1, meaning user1 can no longer log in to the system with a password.

To check whether an account is locked, we can use the passwd command in the following way:

root# passwd -S <username>

For example

root# passwd -S user1

If it shows LK, the account is locked.

If the account has to be unlocked, use passwd in the following way:

root# passwd -u <username>

For example, to unlock the account user1:

root# passwd -u user1

But what if you want to lock an account after a given number of failed login attempts? Suppose you want to lock an account after 3 unsuccessful login attempts. The pam_tally PAM module is used for this purpose; I am going to discuss the implementation of this module in my next article.

You can try the following commands to list all locked users:

passwd -S -a | grep LK | cut -d " " -f1
passwd -S -a | awk '/LK/{print $1}'
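
The following is an added example, not part of the original post: it lists locked users by comparing the status field of `passwd -S -a` output exactly, instead of searching the whole line for LK. It goes slightly beyond the post by also accepting the status `L`, which the shadow-utils version of passwd prints for a locked password; the sample output and the user names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit locked accounts from `passwd -S -a` style output.

# Exact match on field 2 (the status column).
# "LK" is the locked status shown in the post; "L" is what the
# shadow-utils passwd prints for the same state.
list_locked() {
    awk '$2 == "LK" || $2 == "L" { print $1 }'
}

# The pattern used in the post: matches "LK" anywhere on the line,
# so a user NAME containing "LK" is reported as locked as well.
list_locked_naive() {
    awk '/LK/{print $1}'
}

# Constructed sample output (not from a real system). It mixes both
# status styles so that both branches of list_locked are exercised.
sample_status() {
    cat <<'EOF'
root PS 2011-08-01 0 99999 7 -1 (Password set, SHA512 crypt.)
user1 LK 2011-08-19 0 99999 7 -1 (Password locked.)
LKadmin PS 2011-08-10 0 99999 7 -1 (Password set, SHA512 crypt.)
svc_backup L 08/19/2011 0 99999 7 -1
user2 NP 2011-08-15 0 99999 7 -1 (Empty password.)
EOF
}

echo "Exact status match:"
sample_status | list_locked

echo "Whole-line match:"
sample_status | list_locked_naive

# On a live system, run as root:
#   passwd -S -a | list_locked
```

On the sample, the exact match reports user1 and svc_backup, while the whole-line match reports user1 and LKadmin: it flags an unlocked account and misses one that is locked.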