pam_faillock -- can we just remove it from /etc/pam.d/login?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Following the [arch-dev-public] Pam lockout thread,

  Can we just remove the faillock entries from /etc/pam.d/login without
breaking anything if we don't need it at all (like for home computers, etc..)

  The any 3 attempts in 15 minutes which is the default under faillock.conf:

# The default is 900 (15 minutes).
# fail_interval = 900

means that if I mistype a password on login, then 10 minutes later mess up
with sudo, and then 14 minutes later have another slip with sudo, I'm locked
out by faillock. That seems like overkill for home users. It should be limited
to 3 failed logins at a single prompt, not any 3 in 15 minutes.

# admin_group = <admin_group_name>

is another option -- but at this point, I'd rather just remove it from the pam
stack. Is that doable?

-- 
David C. Rankin, J.D.,P.E.



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux