diff options
author | Mikle Kolyada <zlogene@gentoo.org> | 2020-06-16 19:25:38 +0300 |
---|---|---|
committer | Mikle Kolyada <zlogene@gentoo.org> | 2020-06-16 19:25:38 +0300 |
commit | 3a158ca2ba9220bc82ac2d76f3dd6aff50511ab1 (patch) | |
tree | 9f121326f66402c59b096d26173af809dcf47f1e /system-auth.in | |
parent | Revert "allow clang-cpp" (diff) | |
download | pambase-3a158ca2ba9220bc82ac2d76f3dd6aff50511ab1.tar.gz pambase-3a158ca2ba9220bc82ac2d76f3dd6aff50511ab1.tar.bz2 pambase-3a158ca2ba9220bc82ac2d76f3dd6aff50511ab1.zip |
iprove faillock support
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Diffstat (limited to 'system-auth.in')
-rw-r--r-- | system-auth.in | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/system-auth.in b/system-auth.in index dbb6971..6067ea1 100644 --- a/system-auth.in +++ b/system-auth.in @@ -1,6 +1,13 @@ #if HAVE_ENV auth required pam_env.so DEBUG #endif + +#if HAVE_FAILOCK +auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 +auth sufficient pam_unix.so nullok try_first_pass +auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 +#endif + #if HAVE_PAM_SSH auth sufficient pam_ssh.so #endif @@ -18,6 +25,10 @@ account required pam_unix.so DEBUG /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ account optional pam_permit.so +#if HAVE_FAILLOCK +account required pam_faillock.so +#endif + #if HAVE_PASSWDQC password required pam_passwdqc.so min=8,8,8,8,8 retry=3 #endif |