usermin not updating failed login attempts

We are using Usermin to change Linux & samba password for users. Password changing function works fine. But while the user initially logging in to change the password, if the user gives wrong password, it is not getting saved on the backed linux for failed logon. We have a set a policy for the user not to allow more than 6 wrong password attempts, afterwhich the user will have to automatically locked by giving proper error(for locking).

o/s - Redhat ES4 (2.6.9-55.ELsmp)

/etc/pam.d/usermin :
auth required nullok
auth required deny=6
account required
account required
session required

I think the second login, is not at all taking effect(checking) while logging in the usermin session. Even if the user/password is locked in the back end (in linux), it is allowing the user to login and change password.

/etc/pam.d/system-auth :

This file is auto-generated.

User changes will be destroyed the next time authconfig is run.

auth required /lib/security/$ISA/
auth required /lib/security/$ISA/ onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/ likeauth nullok
auth required /lib/security/$ISA/

account required /lib/security/$ISA/
account required /lib/security/$ISA/ per_user deny=6 no_magic_root reset
account sufficient /lib/security/$ISA/ uid < 100 quiet
account required /lib/security/$ISA/

password requisite /lib/security/$ISA/ retry=3
password sufficient /lib/security/$ISA/ nullok use_authtok md5 shadow
password required /lib/security/$ISA/

session required /lib/security/$ISA/
session required /lib/security/$ISA/

Solution needed:

  1. While the user logging in, if he gives wrong password for 6 attempts, it has to properly logs in the /var/log/faillog and lock it after that.

  2. If the user is locked, he should get proper error in the logon screen while trying to login, so that he contact system dept for further query.

please help me to get the above problem solved.


Do you have the PAM Perl module installed on your system? If not, Webmin and Usermin will not use PAM for authentication, and thus all PAM provided rules are ignored.

I have perl-Authen-PAM-0.16 installed as rpm. how to tell / webmin & usermin to make use of it.

It normally uses it by default, I think…but, it’s in the Webmin and Usermin configuration pages. Click the “Authentication” icon, and enable it in the in the “Use PAM for Unix authentication, if available” field.

If that’s already set, then I’m not sure. There’s probably some coverage of it in the Webmin wiki. Yep:

Not much new though…

Also, I hope the Webmin version you’ve mentioned is a typo…1.210 is like two or three years old! Please run the latest version of both Webmin and Usermin.