When attempting to su to another user, in this case mysql, you receive the message “Account locked due to xx failed logins”
Condition – /etc/pam.d/password-auth has already been configured
Even if you reset the password in Linux by using the following command, you still receive the message.
passwd username
Attempt to switch user to mysql
[user@host ~]$ su mysql
Account locked due to 10 failed logins
Password:
su: incorrect password
Check the counter for the specific user with the following command:
[root@host user]# pam_tally2 --user=mysql
Login Failures Latest failure From
mysql 17 12/01/15 09:14:42 pts/3
Reset or unlock the user account to enable access again
[root@host user]# pam_tally2 --user=mysql --reset
Login Failures Latest failure From
mysql 17 12/01/15 09:14:42 pts/3
Verify the counter has been reset for specific user
[root@host user]# pam_tally2 --user=mysql
Login Failures Latest failure From
mysql 0
Should be able to login as user now with no problem
[user@host ~]$ su - mysql
Password: EnterPassword
[mysql@host ~]$
The PAM module is part of all Linux distribution. Do ‘man pam_tally2‘ from the command line to learn more about it.
