CentOS: user is not locked after 5 consecutive failed login

Bug #1977553 reported by Andy
Affects: StarlingX
Status: Fix Released
Importance: Low
Assigned to: Andy

Bug Description

Brief Description
-----------------
After 5 sysadmin user login failures with an incorrect password on the console window, there was a message "Maximum login tried", but the user was not locked out. The user was able to log in immediately afterwards with the correct password.

Severity
--------
<Minor: System/Feature is usable with minor issue>

Steps to Reproduce
------------------
1. Install CentOS Simplex system
2. Keep the console open and try to log in as a sysadmin with the wrong password more than 5 times, then verify with the correct password whether the user was locked out.

Expected Behavior
------------------
The user is locked for 5 mins after the 5 failed login attempts.

Actual Behavior
----------------
The user can log in with the correct password right after the 5 failed logins.

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
STX master latest.

Last Pass
---------
Unknown

Timestamp/Logs
--------------
See steps to reproduce.

Test Activity
-------------
Regression Testing

Workaround
----------
N/A

Andy (andy.wrs)
Changed in starlingx:
assignee: nobody → Andy (andy.wrs)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config-files (master)
Changed in starlingx:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to config-files (master)

Reviewed: https://review.opendev.org/c/starlingx/config-files/+/845163
Committed: https://opendev.org/starlingx/config-files/commit/d31ed71ae0a43d4824dcf892fd00d28a45a5d6ca
Submitter: "Zuul (22348)"
Branch: master

commit d31ed71ae0a43d4824dcf892fd00d28a45a5d6ca
Author: Andy Ning <email address hidden>
Date: Fri Jun 3 13:28:00 2022 -0400

    CentOS lockout user after 5 consecutive failed login

    Current pam configuration allows user to login with correct
    password right after 5 consecutive failed attempts. This change
    updated pam configuration to ensure a lockout of the user for
    5 mins after the 5 failed login.

    Test Plan on CentOS:
    PASS: OS user lockout for 5 mins after 5 failed login attempts on
          console.
    PASS: OS user lockout for 5 mins after 5 failed login attempts on
          ssh.
    PASS: ldap user lockout for 5 mins after 5 failed login attempts on
          console.
    PASS: ldap user lockout for 5 mins after 5 failed login attempts on
          ssh.

    Closes-Bug: 1977553
    Signed-off-by: Andy Ning <email address hidden>
    Change-Id: I186b0a1c45035cb1c6059262d8c8c2ae87670dbd

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.7.0 stx.security
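
The commit message above states the policy (a 5-minute lockout after 5 failed logins) but the page does not show the PAM lines that changed. As an added example, not code from the StarlingX change, the checker below audits a PAM auth stack against that policy. It assumes lockout is done by pam_tally2 or pam_faillock with inline `deny=` and `unlock_time=` options; the function names and both sample stacks are constructed for illustration.

```python
import re
# PAM line: type, control (plain or [bracketed]), module path, arguments
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
LOCKOUT = {"pam_faillock.so", "pam_tally2.so"}

def auth_stack(pam_text):
    """Return [(module, {arg: value})] for each auth line, in file order."""
    stack = []
    for raw in pam_text.splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "auth":
            module = m.group(3).rsplit("/", 1)[-1]
            args = dict(a.partition("=")[::2] for a in m.group(4).split())
            stack.append((module, args))
    return stack

def audit_lockout(pam_text, max_deny=5, min_unlock=300):
    """Return findings; an empty list means the lockout policy is enforced."""
    stack = auth_stack(pam_text)
    names = [mod for mod, _ in stack]
    locks = [(i, mod, args) for i, (mod, args) in enumerate(stack) if mod in LOCKOUT]
    if not locks:
        return ["no lockout module in the auth stack"]
    findings = []
    # The lock must be consulted before the password check; otherwise failures
    # are counted but a correct password still succeeds on a locked account.
    if "pam_unix.so" in names and locks[0][0] > names.index("pam_unix.so"):
        findings.append(f"{locks[0][1]} runs after pam_unix.so")
    # Require explicit values rather than relying on module defaults.
    checks = (("deny", lambda v: 0 < v <= max_deny),
              ("unlock_time", lambda v: v >= min_unlock))
    for _, mod, args in locks:
        for key, ok in checks:
            val = args.get(key, "")
            if not val.isdigit() or not ok(int(val)):
                findings.append(f"{mod}: {key}={val or 'unset'} violates policy")
    return findings

# Constructed sample stacks (assumptions, not StarlingX's shipped files).
WEAK = """
auth  sufficient  pam_unix.so nullok try_first_pass
auth  required    pam_tally2.so deny=5 unlock_time=300 onerr=fail
auth  required    pam_deny.so
"""
FIXED = """
auth  required    pam_tally2.so deny=5 unlock_time=300 onerr=fail
auth  sufficient  pam_unix.so nullok try_first_pass
auth  required    pam_deny.so
"""
```

`audit_lockout(WEAK)` reports the ordering problem, while `audit_lockout(FIXED)` returns an empty list.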