[arch-dev-public] Pam lockout
Evangelos Foutras
evangelos at foutrelis.com
Fri Sep 11 14:52:31 UTC 2020
On Fri, 11 Sep 2020 at 17:33, Tobias Powalowski via arch-dev-public
<arch-dev-public at archlinux.org> wrote:
>
> Hi,
> the 3 attempts are default. It is not overridden in the config. It was just
> a transition to the new module.
tally2 used to be in system-login, whereas faillock is part of
system-auth. sudo includes the latter which explains why there were no
lockouts with sudo in the past.
I'm not familiar enough with pam to judge if moving faillock to
system-login restores the status quo and/or is a good idea. Did tally2
without a deny=x argument even do anything other than logging failed
attempts?
More information about the arch-dev-public
mailing list