Hi, the 3 attempts are default. It is not overridden in the config. It was just a transition to the new module. greetings tpowa Am Fr., 11. Sept. 2020 um 16:26 Uhr schrieb Evangelos Foutras via arch-dev-public <arch-dev-public@archlinux.org>:
On Fri, 11 Sep 2020 at 17:05, Giancarlo Razzolini via arch-dev-public <arch-dev-public@archlinux.org> wrote:
I third you and Levente's opinion. This is a sane upstream default and should be handled by users, if they wish to. We shouldn't deviate from upstream in this case.
It's not an upstream default though. It's enabled by /etc/pam.d/system-auth which is part of pambase.
It breaks sudo as well. I don't believe it makes sense to lock the user out after only 3 failed attempts.
I would just remove pam_faillock.so from pambase. :)
-- Tobias Powalowski Archlinux Developer & Package Maintainer (tpowa) http://www.archlinux.org tpowa@archlinux.org