diff options
Diffstat (limited to 'source/a/util-linux/pam.d')
-rw-r--r-- | source/a/util-linux/pam.d/login | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/source/a/util-linux/pam.d/login b/source/a/util-linux/pam.d/login index 9209ef5b..1e965f11 100644 --- a/source/a/util-linux/pam.d/login +++ b/source/a/util-linux/pam.d/login @@ -1,9 +1,14 @@ #%PAM-1.0 auth required pam_securetty.so -# To set a limit on failed authentications, the pam_tally2 module -# can be enabled. See pam_tally2(8) for options. -#auth required pam_tally2.so deny=4 unlock_time=1200 +# When using pam_faillock, print a message to the user if the account is +# locked. This lets the user know what is going on, but it also potentially +# gives additional information to attackers: +#auth requisite pam_faillock.so preauth auth include system-auth +# To set a limit on failed authentications, the pam_faillock module +# can be enabled. See pam_faillock(8) for more information. +#auth [default=die] pam_faillock.so authfail +#auth sufficient pam_faillock.so authsucc auth include postlogin account required pam_nologin.so account include system-auth |