Performing verification for Focal

I enabled -proposed and installed libpam-modules libpam-modules-bin libpam-runtime libpam0g version 1.3.1-5ubuntu4.2

From there, I set the pam_faillock configuration in:

/etc/security/faillock.conf:

deny = 3
unlock_time = 120

and also:

/etc/pam.d/common-auth:

# here are the per-package modules (the "Primary" block)
auth    requisite                       pam_faillock.so preauth
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
auth    [default=die]                   pam_faillock.so authfail
auth    sufficient                      pam_faillock.so authsucc
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional                        pam_cap.so
# end of pam-auth-update config

From there, I created a new user "dave", and rebooted the system.

I connected via ssh with the "dave" user and used the wrong password 5 times. I then tried with the correct password and found the account to be locked. I waited 2 minutes, and tried again with the correct password, and I was logged in.

When the account was locked, I logged in as the "ubuntu" user and ran:

$ sudo faillock --user dave
dave:
When                Type  Source           Valid
2021-05-19 00:31:08 RHOST 192.168.122.1    V
2021-05-19 00:31:13 RHOST 192.168.122.1    V
2021-05-19 00:31:17 RHOST 192.168.122.1    V

And I could see the times that "dave" was locked.

I also tested resetting via:

$ sudo faillock --user dave --reset

and "dave" was allowed to log in again.

My tests agree with what Richard sees. Marking as verified for Focal.

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

--
https://bugs.launchpad.net/bugs/1927796

Title:
  [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix
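
The lock check from the verification above, as an added example that is not part of the original message or of the pam package: it reads faillock.conf settings and `faillock --user` output and reports whether the account is still locked and when it unlocks. The function names, the sample strings and the simplified decision rule (valid failures within fail_interval of the latest one, compared against deny and unlock_time) are assumptions of this example; `now` must be in the same local time zone that faillock prints.

```python
from datetime import datetime, timedelta

# Constructed sample inputs that mirror the values quoted in the message.
SAMPLE_CONF = "deny = 3\nunlock_time = 120\n"
SAMPLE_OUTPUT = """dave:
When                Type  Source          Valid
2021-05-19 00:31:08 RHOST 192.168.122.1   V
2021-05-19 00:31:13 RHOST 192.168.122.1   V
2021-05-19 00:31:17 RHOST 192.168.122.1   V
"""

def parse_conf(text):
    """Read deny, unlock_time and fail_interval; unset keys keep the documented defaults."""
    opts = {"deny": 3, "unlock_time": 600, "fail_interval": 900}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        key, value = key.strip(), value.strip()
        if sep and key in opts:
            opts[key] = 0 if value == "never" else int(value)
    return opts

def parse_failures(output):
    """Return the timestamps of records flagged V (valid) in `faillock --user` output."""
    times = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[-1] == "V":
            try:
                times.append(datetime.strptime(" ".join(fields[:2]), "%Y-%m-%d %H:%M:%S"))
            except ValueError:
                pass  # header or other non-record line
    return times

def lock_status(opts, times, now):
    """Return (locked, unlock_at); unlock_at is None if unlocked or locked with no timeout."""
    if not times or opts["deny"] == 0:
        return False, None
    latest = max(times)
    recent = [t for t in times if latest - t < timedelta(seconds=opts["fail_interval"])]
    if len(recent) < opts["deny"]:
        return False, None
    if opts["unlock_time"] == 0:
        return True, None  # assumed model: 0 / "never" means no automatic unlock
    unlock_at = latest + timedelta(seconds=opts["unlock_time"])
    return (True, unlock_at) if now <= unlock_at else (False, None)

if __name__ == "__main__":
    opts, times = parse_conf(SAMPLE_CONF), parse_failures(SAMPLE_OUTPUT)
    for now in (datetime(2021, 5, 19, 0, 32, 0), datetime(2021, 5, 19, 0, 33, 18)):
        print(now, lock_status(opts, times, now))
```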