When attempting to su to another user, in this case mysql, you receive the message “Account locked due to xx failed logins”

Condition – /etc/pam.d/password-auth has already been configured

Even if you reset the password in Linux by using the following command, you still receive the message.

passwd username

Attempt to switch user to mysql

[user@host ~]$ su mysql
Account locked due to 10 failed logins
Password:
su: incorrect password

Check the counter for the specific user with the following command:

[root@host user]# pam_tally2 --user=mysql
Login           Failures Latest failure     From
mysql             17    12/01/15 09:14:42  pts/3

Reset or unlock the user account to enable access again

[root@host user]# pam_tally2 --user=mysql --reset
Login           Failures Latest failure     From
mysql             17    12/01/15 09:14:42  pts/3

Verify the counter has been reset for specific user

[root@host user]# pam_tally2 --user=mysql
Login           Failures Latest failure     From
mysql               0

Should be able to login as user now with no problem

[user@host ~]$ su - mysql
Password: EnterPassword
[mysql@host ~]$

The PAM module is part of all Linux distribution. Do ‘man pam_tally2‘ from the command line to learn more about it.