From b54edff3a6724bba19fd803042909cc448d169fd Mon Sep 17 00:00:00 2001 From: Mikle Kolyada Date: Sat, 10 Oct 2020 18:35:39 +0300 Subject: switch pam_faillock.so to its config file Signed-off-by: Mikle Kolyada --- templates/system-auth.tpl | 4 ++-- templates/system-login.tpl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index 46fc131..1bb53ae 100644 --- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -10,9 +10,9 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }} auth optional pam_permit.so {% if not minimal %} -auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 +auth required pam_faillock.so preauth conf=/etc/security/faillock.conf auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass -auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 +auth [default=die] pam_faillock.so authfail {% endif %} {% if krb5 %} diff --git a/templates/system-login.tpl b/templates/system-login.tpl index d51481b..bb4f093 100644 --- a/templates/system-login.tpl +++ b/templates/system-login.tpl @@ -2,9 +2,9 @@ auth required pam_shells.so {{ debug|default('', true) }} auth required pam_nologin.so auth include system-auth {% if not minimal %} -auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 +auth required pam_faillock.so preauth conf=/etc/security/faillock.conf auth sufficient pam_unix.so nullok try_first_pass -auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 +auth [default=die] pam_faillock.so authfail {% endif %} account required pam_access.so {{ debug|default('', true) }} -- cgit v1.2.3-65-gdbad