1 |
commit: b54edff3a6724bba19fd803042909cc448d169fd |
2 |
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Oct 10 15:35:39 2020 +0000 |
4 |
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Oct 10 15:37:14 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b54edff3 |
7 |
|
8 |
switch pam_faillock.so to its config file |
9 |
|
10 |
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
11 |
|
12 |
templates/system-auth.tpl | 4 ++-- |
13 |
templates/system-login.tpl | 4 ++-- |
14 |
2 files changed, 4 insertions(+), 4 deletions(-) |
15 |
|
16 |
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl |
17 |
index 46fc131..1bb53ae 100644 |
18 |
--- a/templates/system-auth.tpl |
19 |
+++ b/templates/system-auth.tpl |
20 |
@@ -10,9 +10,9 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} |
21 |
auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }} |
22 |
auth optional pam_permit.so |
23 |
{% if not minimal %} |
24 |
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 |
25 |
+auth required pam_faillock.so preauth conf=/etc/security/faillock.conf |
26 |
auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass |
27 |
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 |
28 |
+auth [default=die] pam_faillock.so authfail |
29 |
{% endif %} |
30 |
|
31 |
{% if krb5 %} |
32 |
|
33 |
diff --git a/templates/system-login.tpl b/templates/system-login.tpl |
34 |
index d51481b..bb4f093 100644 |
35 |
--- a/templates/system-login.tpl |
36 |
+++ b/templates/system-login.tpl |
37 |
@@ -2,9 +2,9 @@ auth required pam_shells.so {{ debug|default('', true) }} |
38 |
auth required pam_nologin.so |
39 |
auth include system-auth |
40 |
{% if not minimal %} |
41 |
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 |
42 |
+auth required pam_faillock.so preauth conf=/etc/security/faillock.conf |
43 |
auth sufficient pam_unix.so nullok try_first_pass |
44 |
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 |
45 |
+auth [default=die] pam_faillock.so authfail |
46 |
{% endif %} |
47 |
|
48 |
account required pam_access.so {{ debug|default('', true) }} |