aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMikle Kolyada <zlogene@gentoo.org>2020-10-10 18:35:39 +0300
committerMikle Kolyada <zlogene@gentoo.org>2020-10-10 18:37:14 +0300
commitb54edff3a6724bba19fd803042909cc448d169fd (patch)
tree8e15e006c06a8fe8d7f95fe1f871dbac7e026231 /templates
parentsystem-auth: introduce pam_pwhistory (diff)
downloadpambase-b54edff3a6724bba19fd803042909cc448d169fd.tar.gz
pambase-b54edff3a6724bba19fd803042909cc448d169fd.tar.bz2
pambase-b54edff3a6724bba19fd803042909cc448d169fd.zip
switch pam_faillock.so to its config filepambase-20201010
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Diffstat (limited to 'templates')
-rw-r--r--templates/system-auth.tpl4
-rw-r--r--templates/system-login.tpl4
2 files changed, 4 insertions, 4 deletions
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 46fc131..1bb53ae 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -10,9 +10,9 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
auth optional pam_permit.so
{% if not minimal %}
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth required pam_faillock.so preauth conf=/etc/security/faillock.conf
auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
+auth [default=die] pam_faillock.so authfail
{% endif %}
{% if krb5 %}
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index d51481b..bb4f093 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -2,9 +2,9 @@ auth required pam_shells.so {{ debug|default('', true) }}
auth required pam_nologin.so
auth include system-auth
{% if not minimal %}
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth required pam_faillock.so preauth conf=/etc/security/faillock.conf
auth sufficient pam_unix.so nullok try_first_pass
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
+auth [default=die] pam_faillock.so authfail
{% endif %}
account required pam_access.so {{ debug|default('', true) }}