port from pam_tally2 to pam_faillock

since pam_tally2 was deprecated upstream
This commit is contained in:
Patrick Schleizer
2021-08-10 17:13:00 -04:00
parent 2bf0e7471c
commit 582492d6d8
6 changed files with 107 additions and 30 deletions

View File

@ -1,11 +1,11 @@
Name: lock accounts after 50 failed authentication attempts (by package security-misc)
Name: lock accounts after 50 failed authentication attempts (part 1) (by package security-misc)
Default: yes
Priority: 290
Auth-Type: Primary
Auth:
optional pam_exec.so debug stdout seteuid /usr/libexec/security-misc/pam-info
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
requisite pam_faillock.so even_deny_root deny=50 onerr=fail audit debug
required pam_faillock.so preauth
Account-Type: Primary
Account:
requisite pam_faillock.so debug
requisite pam_faillock.so

View File

@ -0,0 +1,7 @@
Name: lock accounts after 50 failed authentication attempts (part 2) (by package security-misc)
Default: yes
Priority: 245
Auth-Type: Primary
Auth:
[default=die] pam_faillock.so authfail
sufficient pam_faillock.so authsucc