Show how many failures a single user has committed in the last 30 minutes
faillog -u username
Reset the failed login count
faillog -r username
pam_tally2 -r -u jvalero
Set up PuTTY with the following:
Connection > SSH > X11
`-> [X] Enable X11 Forwarding
`-> (o) MIT-Magic-Cookie-1 (not sure if this does anything but it’s enabled for me)
Connection > SSH > Tunnels
`-> [X] Local ports accept connections from other hosts
`-> Remote ports do the same (SSH-2 only)
Once connected using your account, try to start up xclock from the shell. It should load in an Xming (be sure to have this installed) wrapper.
If you need to su to another user, you’ll need to bring your authorization to the other user.
If you’re getting an error opening the display or wrong authorization, check if the display number is in there twice. Delete any incorrect entries.
Restricting Use of Previous Passwords
The pam_unix module parameter remember sets the number of previous passwords that cannot be reused, and the pam_cracklib module parameter difok specifies the number of characters that must be different between the old and the new password.
In the following example I will show how to tell the system that a password cannot be reused for at least 6 months and that at least 3 characters must be different between the old and new password.
Remember that in the chapter Enabling Password Aging we set PASS_MIN_DAYS to 7, which specifies the minimum number of days allowed between password changes. Hence, if we tell pam_unix to remember 26 passwords, then the previously used passwords cannot be reused for at least 6 months (26*7 days).
Here is an example. Edit the /etc/pam.d/system-auth file and add/change the following pam_cracklib and pam_unix arguments:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=26
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
If the /etc/security/opasswd file doesn’t exist, create it.
# ls -l /etc/security/opasswd
-rw------- 1 root root 0 Dec 8 06:54 /etc/security/opasswd
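The following script is an added example, not part of the original page: it reads remember, difok and PASS_MIN_DAYS from copies of the files, computes the reuse window (26 * 7 = 182 days), and checks that the history file has the -rw------- mode shown above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check the password-history setup.

# pam_opt FILE MODULE OPTION: value of OPTION= on MODULE's "password" line.
pam_opt() {
    awk -v mod="$2" -v opt="$3" '
        $1 == "password" && index($0, mod) {
            for (i = 3; i <= NF; i++)
                if (index($i, opt "=") == 1) { print substr($i, length(opt) + 2); exit }
        }' "$1"
}

# login_def FILE KEY: value of KEY in a login.defs-style file.
login_def() { awk -v key="$2" '$1 == key { print $2; exit }' "$1"; }

# reuse_window_days PAMFILE LOGINDEFS: remember * PASS_MIN_DAYS, 0 if unset.
reuse_window_days() {
    remember=$(pam_opt "$1" pam_unix.so remember)
    min_days=$(login_def "$2" PASS_MIN_DAYS)
    echo $(( ${remember:-0} * ${min_days:-0} ))
}

# history_file_ok FILE: true only for a regular file with mode -rw-------.
history_file_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Constructed sample files so the check runs without touching /etc.
demo=$(mktemp -d)
cat > "$demo/system-auth" <<'EOF'
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 difok=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=26
password required /lib/security/$ISA/pam_deny.so
EOF
printf '# constructed sample\nPASS_MIN_DAYS 7\n' > "$demo/login.defs"
touch "$demo/opasswd" && chmod 600 "$demo/opasswd"

echo "difok:        $(pam_opt "$demo/system-auth" pam_cracklib.so difok)"
echo "reuse window: $(reuse_window_days "$demo/system-auth" "$demo/login.defs") days"
history_file_ok "$demo/opasswd" && echo "opasswd:      ok"
```

To audit a live host, pass /etc/pam.d/system-auth, /etc/login.defs and /etc/security/opasswd to the same functions as root.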