Page 1 of 1

Faillock.conf not honoured

Posted: 2020/12/19 08:05:50
by s91066
Hello,
I have created a custom /etc/security/faillock.conf file in order to define my account locking policy.
I created a custom authselect profile, enabled the faillock ( with-faillock), however, the file is not taken into account!
Specifically, I set the lockout time to 900 and the failed login attempts to 3 and to lock even the root account (don't ask).

However, in the system-auth (and all the rest of the files) under /etc/authselect/ I see the following entries:

Code: Select all

/etc/authselect/password-auth:auth        required    pam_faillock.so preauth silent deny=4 unlock_time=1200
/etc/authselect/password-auth:auth        required   pam_faillock.so authfail deny=4 unlock_time=1200
/etc/authselect/system-auth:auth        required    pam_faillock.so preauth silent deny=4 unlock_time=1200
/etc/authselect/system-auth:auth        required    pam_faillock.so authfail deny=4 unlock_time=1200
Obviously, I am doing something wrong, but I cannot find any relevant document on how to use this file with authselect, or how to instruct authselect to use it.