I have created a custom /etc/security/faillock.conf file in order to define my account locking policy.
I created a custom authselect profile, enabled the faillock ( with-faillock), however, the file is not taken into account!
Specifically, I set the lockout time to 900 and the failed login attempts to 3 and to lock even the root account (don't ask).
However, in the system-auth (and all the rest of the files) under /etc/authselect/ I see the following entries:
Code: Select all
/etc/authselect/password-auth:auth required pam_faillock.so preauth silent deny=4 unlock_time=1200
/etc/authselect/password-auth:auth required pam_faillock.so authfail deny=4 unlock_time=1200
/etc/authselect/system-auth:auth required pam_faillock.so preauth silent deny=4 unlock_time=1200
/etc/authselect/system-auth:auth required pam_faillock.so authfail deny=4 unlock_time=1200