[arch-dev-public] Pam lockout
Tobias Powalowski
tobias.powalowski at googlemail.com
Fri Sep 11 14:32:29 UTC 2020
Hi,
the 3 attempts are default. It is not overridden in the config. It was just
a transition to the new module.
greetings
tpowa
Am Fr., 11. Sept. 2020 um 16:26 Uhr schrieb Evangelos Foutras via
arch-dev-public <arch-dev-public at archlinux.org>:
> On Fri, 11 Sep 2020 at 17:05, Giancarlo Razzolini via arch-dev-public
> <arch-dev-public at archlinux.org> wrote:
> > I third you and Levente's opinion. This is a sane upstream default and
> should
> > be handled by users, if they wish to. We shouldn't deviate from upstream
> in this
> > case.
>
> It's not an upstream default though. It's enabled by
> /etc/pam.d/system-auth which is part of pambase.
>
> It breaks sudo as well. I don't believe it makes sense to lock the
> user out after only 3 failed attempts.
>
> I would just remove pam_faillock.so from pambase. :)
>
--
Tobias Powalowski
Archlinux Developer & Package Maintainer (tpowa)
http://www.archlinux.org
tpowa at archlinux.org
More information about the arch-dev-public
mailing list