Symptoms

A user account becomes locked after multiple failed login attempts.When this occurs: SSH login displays a lockout message and denies access.UI login fails with "Incorrect username or password" even when correct credentials are used.System logs (messages.engineering) show: pam_tally(sshd:auth): Tally overflowed for user <username> SSH output example login as: test_user Pre-authentication banner message from server: | End of banner message from server Keyboard-interactive authentication prompts from server: | Account temporarily locked due to 5 failed logins | (8 minutes left to unlock) | Password: End of keyboard-interactive prompts from server Access denied

Cause

Data Domain uses pam_tally2 to protect against unauthorized access and denial‑of‑service attacks.A user account is locked when: Three consecutive incorrect password attempts occur (default behavior).The login failures exceed the configured threshold defined by: adminaccess option show Example: sysadmin@DD)# adminaccess option reset set show sysadmin@DD)# adminaccess option show Option Value -------------------- -------- login-unlock-timeout 120 login-max-attempts 20 login-max-active 100 cipher-list default* password-auth enabled password-hash sha512 tls-version TLSv1.2 -------------------- -------- Any failed attempt during the lockout period extends the lockout timer.Correct password attempts also fail while the account is locked. Automated scripts, backup applications, or incorrect stored credentials commonly generate repeated failed logins, leading to extended lockouts and triggering the tally overflow condition.

Resolution

1. Wait for the lockout timer to expire. If the remaining lockout duration is short, allow the timeout period to complete, then log in using the correct password. 2. Verify and correct the source of failed login attempts. If failed attempts continue to increment: Confirm whether any backup jobs, automated scripts, or third‑party tools are using outdated or incorrect credentials.Update all scripts or applications to use the correct username and password. 3. Contact your contracted support provider. If: The lockout duration is excessively long,The tally continues to increase despite no known login attempts, orThe account does not unlock after the timeout expires, Then collect a Support Bundle and contact your support provider for assistance.

Support Cases