[arch-general] PAM 1.3.1 -> 1.5.1 did pam_tally get removed?
Anton Hvornum
anton at hvornum.se
Mon Feb 22 12:58:36 UTC 2021
That would answer my issue yesterday, but raises another question.
What dictates if something is worthy of being put on the bulletin
board on the main website?
I added 2FA way back when to /etc/pam.d/system-login and that meant
that pacman placed a .pacnew file alongside the modified system-login
(as expected) on upgrade.
But the notification about this got lost in the sea of packages which
is on me of course. But seeing as this is a modification to a system
critical file can (and did) cause a complete lockout of accounts on
the machine due to `auth required` being the keywords put in place.
I would have expected this to be on the bulletin board about possible
manual intervention required.
Perhaps I just missed it under another title?
Best wishes:
Anton Hvornum
On Mon, Feb 22, 2021 at 12:57 PM Björn Fries via arch-general
<arch-general at lists.archlinux.org> wrote:
>
> > I can't remember if I've
> > added the following to /etc/pam.d/system-login or not:
> >
> > auth required pam_tally2.so onerr=succeed
> file=/var/log/tallylog
>
> The line was changed by
> https://github.com/archlinux/svntogit-packages/commit/7afa3fb3a9e74c27f4c2af85c8ff624123c830e1
>
> to
>
> auth required pam_faillock.so onerr=succeed
> file=/var/log/tallylog
>
> and pam_faillock was moved to /etc/pam.d/system-auth by
> https://github.com/archlinux/svntogit-packages/commit/2d5af94ae55a5c98837ce9631f331ad2aad32bb3
More information about the arch-general
mailing list