In this article i will talk about the PAM(pluggable authentication modules) in Oracle Exadata Linux Operational System. So what is PAM and what is it used for ? Well as stated before PAM means pluggable authentication modules and it is a flexible mechanism for authenticating users. PAM provides a way to develop programs that are independent of authentication scheme. These programs need "authentication modules" to be attached to them at run-time in order to work. Which authentication module is to be attached is dependent upon the local system setup and is at the discretion of the local system administrator. So far so good but what is all of this has to do with Oracle Exadata machine ? Every Oracle Exadata Machine comes with configurated with the pam_tally2 options ON, and they will follow some rules that are set in your sshd files located in your /etc/pam.d folder. Depending on your Exadata Image version it might have a different configuration, to get you Image version use the imageinfo command logged as root user: To see the pam option you can just read the sshd configuration file files located in your /etc/pam.d folder. We can see that rule states that if the user fails to do a correct log on he will have to wait for 600 seconds(10 minutes) before he can try log back on. PAM rules have some drawbacks as sometimes when you have more then one DBA or Admins and they use the same admin account let's say the oracle user and they try to log in with the the wrong password you will be locked out for the lock_time period stated in the rule. Let's see some commands that will allow us to alter or check the lock status of an user account: