11 Sep
2020
11 Sep
'20
4:25 p.m.
On Fri, 11 Sep 2020 at 17:05, Giancarlo Razzolini via arch-dev-public <arch-dev-public@archlinux.org> wrote:
I third you and Levente's opinion. This is a sane upstream default and should be handled by users, if they wish to. We shouldn't deviate from upstream in this case.
It's not an upstream default though. It's enabled by /etc/pam.d/system-auth which is part of pambase. It breaks sudo as well. I don't believe it makes sense to lock the user out after only 3 failed attempts. I would just remove pam_faillock.so from pambase. :)