Limiting the number of password attempts for users on Linux
Configuration:
vi /etc/pam.d/system-auth
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account required /lib/security/$ISA/pam_tally.so deny=5 no_magic_root reset
# Explanation
deny=5 : Deny access if tally for this user exceeds 3 times.
lock_time=180 : Always deny for 180 seconds after a failed attempt. There is also an unlock_time=n option, which allows access again n seconds after a failed attempt. If this option is used, the user is locked out for the specified amount of time after exceeding the maximum allowed attempts. Otherwise the account stays locked until the lock is removed manually by the system administrator.
magic_root : If the module is invoked by a user with uid=0 the counter is not incremented. The sys-admin should use this for user launched services, like su, otherwise this argument should be omitted.
no_magic_root : Avoid root account locking, if the module is invoked by a user with uid=0
Locked-out users are recorded in a log file:
/var/log/faillog
Clearing locked-out users:
crontab -l
*/30 * * * * /sbin/pam_tally --reset
or
*/30 * * * * faillog -r
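A way to check that a PAM file actually carries the lockout settings described above (added example, not from the original post; the function names tally_opt and audit_pam_tally and the sample file are constructed for illustration):

```shell
#!/bin/sh
# Added example: audit a PAM stack file for the pam_tally settings above.

# Print the value of option $2 on the pam_tally line of type $1
# (auth|account) in file $3. Flag-style options print "set".
tally_opt() {
    awk -v type="$1" -v opt="$2" '
        /^[ \t]*#/ { next }    # ignore commented-out lines
        $1 == type && $3 ~ /pam_tally\.so$/ {
            for (i = 4; i <= NF; i++) {
                n = split($i, kv, "=")
                if (kv[1] == opt) { print (n > 1 ? kv[2] : "set"); exit }
            }
        }' "$3"
}

# Report the lockout posture of a file; returns 1 if no deny= is present.
audit_pam_tally() {
    file=$1
    deny=$(tally_opt account deny "$file")
    [ -n "$deny" ] || deny=$(tally_opt auth deny "$file")
    unlock=$(tally_opt auth unlock_time "$file")
    [ -n "$unlock" ] || unlock=$(tally_opt account unlock_time "$file")
    onerr=$(tally_opt auth onerr "$file")
    if [ -z "$deny" ]; then
        echo "FAIL: no deny= threshold on any pam_tally line"
        return 1
    fi
    echo "deny=$deny"
    [ "$onerr" = "fail" ] || echo "WARN: onerr=fail not set on the auth line"
    if [ -n "$unlock" ]; then
        echo "unlock_time=$unlock"
    else
        echo "NOTE: no unlock_time, lockout lasts until the counter is reset"
    fi
    return 0
}

# Constructed sample: the two system-auth lines from the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account required /lib/security/$ISA/pam_tally.so deny=5 no_magic_root reset
EOF
audit_pam_tally "$sample"
rm -f "$sample"
```

On a real host, call audit_pam_tally /etc/pam.d/system-auth; the NOTE line shows when unlocking depends entirely on a reset such as the cron entries above.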
Permalink: https://www.2hei.net/2009/07/08/linux-pam_tally-use/ | 2hei.net