OCI: oracle-cloud-agent User with Hundreds of Failed Login Attempts
in Linux
Applies To
Oracle Cloud Infrastructure
Linux x86_64
Goal
Determine why user is being reported with hundreds of failed login attempts.
Symptoms
# pam_tally2 Login Failures Latest failure From oracle-cloud-ag 237 06/12/23 13:44:26
Solution
The instance is fetching user authentication/information from a Windows Active Directory server.
pam_krb5.so module is affecting accounts reserved for system administration (uid<1000).
Please add “minimum_uid=1000” to /etc/pam.d/system-auth file to look like below:
Before change:
$ sudo grep pam_krb5.so /etc/pam.d/system-auth auth sufficient pam_krb5.so try_first_pass realm=<realmname> session optional pam_krb5.so
Please add “minimum_uid=1000” to /etc/pam.d/system-auth file to look like this after change:
0