AnsweredAssumed Answered

failed login count increase when change password from PAM for linux device.

Question asked by huaso01 Employee on Dec 18, 2017
Latest reply on Dec 19, 2017 by prira01

Customer manage password from PAM(3.0.2) on linux device.  It is found that when change password from PAM, failed login count increase on OS side.

 

Account details as follows.

 

Failed count before change password:

Dec 10 22:08:10 huaso01-I7575 unix_chkpwd[114098]: password check failed for user (root)
Dec 11 01:33:50 huaso01-I7575 unix_chkpwd[124793]: password check failed for user (root)
Dec 11 01:33:57 huaso01-I7575 unix_chkpwd[124794]: password check failed for user (root)
Dec 12 20:38:55 huaso01-I7575 unix_chkpwd[116772]: password check failed for user (pimadmin)
Dec 15 03:02:36 huaso01-I7575 unix_chkpwd[11894]: password check failed for user (pimadmin)
Dec 15 03:04:51 huaso01-I7575 unix_chkpwd[12206]: password check failed for user (pimadmin)
Dec 15 03:16:01 huaso01-I7575 unix_chkpwd[12630]: password check failed for user (pimadmin)
Dec 15 03:22:44 huaso01-I7575 unix_chkpwd[12860]: password check failed for user (pimadmin)
Dec 15 03:41:55 huaso01-I7575 unix_chkpwd[14259]: password check failed for user (pimadmin)
Dec 17 19:39:59 huaso01-I7575 unix_chkpwd[63689]: password check failed for user (pimadmin)
Dec 17 19:52:48 huaso01-I7575 unix_chkpwd[64130]: password check failed for user (pimadmin)
Dec 17 20:20:22 huaso01-I7575 unix_chkpwd[65746]: password check failed for user (pimadmin)

 

Change password by click generate credentials->OK. confirmed password changed.

 

Failed login count increased by one:

 

Dec 11 01:33:57 huaso01-I7575 unix_chkpwd[124794]: password check failed for user (root)
Dec 12 20:38:55 huaso01-I7575 unix_chkpwd[116772]: password check failed for user (pimadmin)
Dec 15 03:02:36 huaso01-I7575 unix_chkpwd[11894]: password check failed for user (pimadmin)
Dec 15 03:04:51 huaso01-I7575 unix_chkpwd[12206]: password check failed for user (pimadmin)
Dec 15 03:16:01 huaso01-I7575 unix_chkpwd[12630]: password check failed for user (pimadmin)
Dec 15 03:22:44 huaso01-I7575 unix_chkpwd[12860]: password check failed for user (pimadmin)
Dec 15 03:41:55 huaso01-I7575 unix_chkpwd[14259]: password check failed for user (pimadmin)
Dec 17 19:39:59 huaso01-I7575 unix_chkpwd[63689]: password check failed for user (pimadmin)
Dec 17 19:52:48 huaso01-I7575 unix_chkpwd[64130]: password check failed for user (pimadmin)
Dec 17 20:20:22 huaso01-I7575 unix_chkpwd[65746]: password check failed for user (pimadmin)
Dec 18 02:21:47 huaso01-I7575 unix_chkpwd[83421]: password check failed for user (pimadmin)
[root@huaso01-I7575 ~]#

 

No custom script used all use default script.

I dont see this behavior in 2.8.4 version of PAM. It seems update password script changed in 3.0.2.

 

Any thought?

 

 

Best Regards

 

Jerry

Outcomes