diff options
| author |   Mikle Kolyada <zlogene@gentoo.org> | 2020-06-18 13:02:10 +0300 |
|---|---|---|
| committer | Mikle Kolyada <zlogene@gentoo.org> | 2020-06-18 13:08:38 +0300 |
| commit | 75cd44e94032b13bba41539737d6ac63623217e1 (patch) | |
| tree | c3d2c496aa9d2f337945cc64c47ffb8c90ee05c4 | |
| parent | fix a typo (diff) | |
| download | pambase-historical.tar.gz pambase-historical.tar.bz2 pambase-historical.zip | |
move faillock last in authpambase-20200618historical
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
| -rw-r--r-- | system-auth.in | 12 | ||||
| -rw-r--r-- | system-login.in | 11 |
2 files changed, 12 insertions, 11 deletions
diff --git a/system-auth.in b/system-auth.in index 6eea7bc..9ae09e4 100644 --- a/system-auth.in +++ b/system-auth.in @@ -2,12 +2,6 @@ auth required pam_env.so DEBUG #endif -#if HAVE_FAILLOCK -auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 -auth sufficient pam_unix.so nullok try_first_pass -auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 -#endif - #if HAVE_PAM_SSH auth sufficient pam_ssh.so #endif @@ -18,6 +12,12 @@ auth required pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ auth optional pam_permit.so +#if HAVE_FAILLOCK +auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 +auth sufficient pam_unix.so nullok try_first_pass +auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 +#endif + #if HAVE_KRB5 account KRB5_CONTROL pam_krb5.so KRB5_PARAMS #endif diff --git a/system-login.in b/system-login.in index 9e82d60..ee03613 100644 --- a/system-login.in +++ b/system-login.in @@ -1,8 +1,3 @@ -#if HAVE_FAILLOCK -auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 -auth sufficient pam_unix.so nullok try_first_pass -auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 -#endif #if HAVE_SHELLS auth required pam_shells.so DEBUG @@ -12,6 +7,12 @@ auth required pam_nologin.so DEBUG_NOLOGIN #endif auth include system-auth +#if HAVE_FAILLOCK +auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 +auth sufficient pam_unix.so nullok try_first_pass +auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 +#endif + #if HAVE_ACCESS account required pam_access.so DEBUG #endif |