11 Sep
2020
11 Sep
'20
4:52 p.m.
On Fri, 11 Sep 2020 at 17:33, Tobias Powalowski via arch-dev-public <arch-dev-public@archlinux.org> wrote:
Hi, the 3 attempts are default. It is not overridden in the config. It was just a transition to the new module.
tally2 used to be in system-login, whereas faillock is part of system-auth. sudo includes the latter which explains why there were no lockouts with sudo in the past. I'm not familiar enough with pam to judge if moving faillock to system-login restores the status quo and/or is a good idea. Did tally2 without a deny=x argument even do anything other than logging failed attempts?