Configuring PAM

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

PAM has become an important part of the standard Linux login and account management subsystem. Systems administrators and security engineers alike should be knowledgeable of how to configure and enable various PAM modules. In this hands-on lab, we will work with the `pam_cracklib` and `pam_tally` modules and learn how they can be used to enhance system security.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install `pam_cracklib`
  1. Install the necessary libraries for pam_cracklib.
    sudo apt-get install libpam-cracklib
Configure `pam_cracklib`
  1. Edit /etc/pam.d/common-password.
  2. Change the existing pam_cracklib configuration to the following:
    password   requisite    pam_cracklib   retry=3 minlen=10
Enable and Configure `pam_tally2`
  1. Edit /etc/pam.d/common-auth.
  2. Add a pam_tally configuration before the default block by adding the following text:
    auth     required deny=2 unlock_time=600

Additional Resources

You have been tasked with improving account security for a client's shared workstation. The client wants the password difficulty to be increased to a minimum length of 10 characters for users who do not use multiple character classes. The client has also asked that users who fail to log in twice in a row have their account locked for 10 minutes. You must provide a solution on a test system to demonstrate how PAM can be configured to satisfy these requirements for the client.


  • Install pam_cracklib for the test-server system.
  • Configure pam_cracklib so that users need a password with a minimum length of 10 characters and default credit for character classes. It should only allow 3 change attempts per execution.
  • Enable and configure pam_tally2 for the test-server system so that the system will reject logins from any non-root user for 10 minutes after 2 failed login attempts.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?