inactive option not working for

Server Fault Asked by Jakov Sosic on August 5, 2020

I’m trying to set up my system to lock out inactive users after 10 days. I’m using CentOS 6.x, and looking at RHEL manual, this is what I found:

To lock out an account after 10 days of inactivity, add, as root,
the following line to the auth section of the /etc/pam.d/login file:
auth  required inactive=10

So, this is my /etc/pam.d/login :

auth [user_unknown=ignore success=ok ignore=ignore default=bad]
auth       include      system-auth
auth       required inactive=10
account    required
account    include      system-auth
password   include      system-auth
# close should be the first session rule
session    required close
session    required
session    optional
# open should only be followed by sessions to be executed in the user context
session    required open
session    required
session    optional force revoke
session    include      system-auth
-session   optional

I log in through ssh as a user, and log out.

After that I set up the time 1 year in the future, as root logged in on TTY1:

# date --set "...."
# hwclock --systohc

I even reboot the VM, but still, when it gets back, I’m able to log in as user through ssh.

Any ideas what am I doing wrong here?

One Answer

I even reboot the VM, but still, when it gets back, I'm able to log in as user through ssh.

Apples and oranges. You're editing the login file, but you're performing tests against sshd. The sshd daemon calls the PAM library directly with a service name of sshd, thus the identically named file is used.

In the event that you were not aware that the login file maps to authentication attempts by an actual command named login (which is invoked by your getty), man login is recommended reading material.

Answered by Andrew B on August 5, 2020

Add your own answers!

Related Questions

NGINX/GemInABox – static links aren’t properly passed

0  Asked on December 8, 2020 by anotherclueless


How do I start & stop my AKS cluster?

2  Asked on December 8, 2020 by sarabpreet-singh


Nginx rewrite: replace – with /

2  Asked on December 7, 2020 by tomas-morgan


SCCM Application Deployment – No Status or Errors

1  Asked on December 6, 2020 by jshizzle


Centos 7 Sofia-sip dependency for Janus sip gateway

2  Asked on December 6, 2020 by dmitriy-povolotskiy


Switching NICs in VPN tunnel

0  Asked on December 6, 2020 by kubek


Asterisk / Elastix Address Book and Call Recording

1  Asked on December 3, 2020 by ullash


How to know if mysql server is using sha_256 or caching_sha_256?

0  Asked on December 2, 2020 by noah-j-standerson


Booting a squashed filesystem from ISO

0  Asked on December 2, 2020 by rudolfs-bundulis


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir