Random Musings

Sporadic thoughts on tech, economics, business, finance and trading

-bash: pam_tally2: command not found


The error -bash: pam_tally2: command not found means that the pam_tally2 utility, which is used for tracking user login attempts and managing account lockouts, is not available or installed on your system.

This is likely because modern Linux distributions have replaced pam_tally2 with pam_faillock, as pam_tally2 is deprecated.


What to Do Next

1. Check if pam_tally2 is Available

If you’re using an older Linux distribution and still want to use pam_tally2, ensure it is installed:

sudo yum install pam -y    # For RHEL/CentOS
sudo apt install libpam-modules -y  # For Debian/Ubuntu

However, note that newer distributions may not provide this package.


2. Use pam_faillock Instead

For modern Linux systems, use the pam_faillock module, which serves the same purpose but is more secure and reliable. For example:

  • View Failed Login Attempts:
   faillock
  • Reset Login Failures:
   faillock --user <username> --reset
  • Configure Login Lockout Policies:
    Edit the /etc/security/faillock.conf or /etc/pam.d/system-auth and /etc/pam.d/password-auth files to set the lockout rules. Example:
   deny=3 unlock_time=600
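
One way to confirm that a faillock.conf actually enforces the example policy above, as an added example that is not from the original post. The helper names faillock_opt and check_lockout are hypothetical, the sample file is constructed, and taking the last occurrence of a repeated option is an assumption.

```shell
#!/bin/sh
# Added example: audit a faillock.conf-style file against deny=3 unlock_time=600.
DEFAULT_DENY=3        # pam_faillock default when "deny" is not set
DEFAULT_UNLOCK=600    # pam_faillock default when "unlock_time" is not set

# faillock_opt FILE NAME DEFAULT
# Print the effective value of NAME: "#" comments dropped, spaces around "="
# ignored, last occurrence taken (assumption), DEFAULT when unset or unreadable.
faillock_opt() {
    val=$(sed -e 's/#.*//' "$1" 2>/dev/null |
          sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*\$/\1/p" |
          tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# check_lockout FILE [MAX_DENY] [MIN_UNLOCK]
# Return 0 when accounts lock after at most MAX_DENY failures and stay locked
# for at least MIN_UNLOCK seconds (0 or "never" means until a manual reset).
check_lockout() {
    file=$1; max_deny=${2:-3}; min_unlock=${3:-600}
    deny=$(faillock_opt "$file" deny "$DEFAULT_DENY")
    unlock=$(faillock_opt "$file" unlock_time "$DEFAULT_UNLOCK")
    [ "$unlock" = never ] && unlock=0
    case "$deny$unlock" in
        *[!0-9]*) echo "FAIL: non-numeric deny/unlock_time in $file"; return 2 ;;
    esac
    if [ "$deny" -lt 1 ] || [ "$deny" -gt "$max_deny" ]; then
        echo "FAIL: deny=$deny (want 1..$max_deny)"; return 1
    fi
    if [ "$unlock" -ne 0 ] && [ "$unlock" -lt "$min_unlock" ]; then
        echo "FAIL: unlock_time=$unlock (want 0 or >= $min_unlock)"; return 1
    fi
    echo "OK: deny=$deny unlock_time=$unlock"
}

# Constructed sample (not from a real host): the intended value is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# deny = 3
deny = 5
unlock_time = 600
EOF
check_lockout "$sample" || true   # reports the weaker deny=5
rm -f "$sample"
```

Arguments given on the pam_faillock lines in /etc/pam.d override faillock.conf, so review those files as well.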

3. Determine Your Linux Distribution

To check which Linux distribution you are using, run:

cat /etc/os-release

This will help confirm whether you should switch to pam_faillock.


Why Use pam_faillock Instead?

  • It is actively maintained and part of the PAM (Pluggable Authentication Module) suite.
  • It offers better functionality for modern systems.
  • pam_tally2 is no longer available in most recent distributions (e.g., CentOS 8+, RHEL 8+, Ubuntu 20.04+).

Let me know if you need further guidance!