Showing results for tags 'pam'.

Found 1 result

  1. The pam-1.3.0-r3 ebuild introduces the faillock capability from Red Hat. This allows locking a user account after consecutive failed login attempts. After a number of attempts (can be configured), the account is locked for a certain time (can be configured).

     Testing can be performed as follows. Set the keywords for the sys-libs/pam ebuild and install the new version:

         echo "=sys-libs/pam-1.3.0-r3 **" >> /etc/portage/package.accept_keywords
         emerge -1u pam

     After installation, edit /etc/pam.d/system-auth with an editor and add the lines indicated:

         auth        required    pam_env.so
         auth        required    pam_faillock.so preauth audit deny=3 unlock_time=60
         auth        required    pam_unix.so try_first_pass likeauth nullok
         auth        required    pam_faillock.so authfail audit deny=3 fail_interval=60 unlock_time=60
         auth        optional    pam_permit.so

         account     required    pam_faillock.so
         account     required    pam_unix.so
         account     optional    pam_permit.so

         password    required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
         password    required    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
         password    optional    pam_permit.so

         session     required    pam_limits.so
         session     required    pam_env.so
         session     required    pam_unix.so
         session     optional    pam_permit.so

     Notice the pam_faillock.so lines (bold red in the original post). It is very important that the first line in the auth part comes before the pam_unix module. The second line must come after the pam_unix module. In the account part, the pam_faillock module is needed before the pam_unix module.

     In the example, 3 attempts are set for the locking. After that, the account will be locked, and on the console you will see a message that the account is locked, for 60 seconds in this example. After that period of time, the account will be released. To review the state, you can use the faillock utility installed by pam. For more advanced options, see the faillock and pam_faillock manual pages.

     In case mistakes are made in the configuration, please have a live CD to boot from so that you can revert the changes in /etc/pam.d/system-auth. It is a wise decision to keep a copy of the file somewhere before the tests.
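
The three ordering rules above can be checked mechanically before a modified stack is put in place. The shell function below is an added example, not part of the original post or of the pam ebuild; the name check_faillock_order and the sample stack fed to it are made up for illustration.

```shell
#!/bin/sh
# Added example: lint a PAM stack against the ordering rules from the post.
# Reads the file(s) given as arguments, or stdin if none are given.
# Prints one line per violated rule; returns 0 only when all three rules hold.
check_faillock_order() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        type = $1; sub(/^-/, "", type)       # "-auth" entries still count as auth
        n++; ux = fl = pre = fail = 0
        for (i = 2; i <= NF; i++) {          # scan module name and its options
            if ($i ~ /pam_unix\.so$/)     ux = 1
            if ($i ~ /pam_faillock\.so$/) fl = 1
            if ($i == "preauth")          pre = 1
            if ($i == "authfail")         fail = 1
        }
        if (type == "auth") {                # remember first position of each
            if (ux && !a_unix)         a_unix = n
            if (fl && pre && !a_pre)   a_pre = n
            if (fl && fail && !a_fail) a_fail = n
        } else if (type == "account") {
            if (ux && !c_unix) c_unix = n
            if (fl && !c_fl)   c_fl = n
        }
    }
    END {
        if (!a_unix || !a_pre || a_pre > a_unix) {
            print "auth: pam_faillock preauth must come before pam_unix"; bad = 1 }
        if (!a_unix || !a_fail || a_fail < a_unix) {
            print "auth: pam_faillock authfail must come after pam_unix"; bad = 1 }
        if (!c_unix || !c_fl || c_fl > c_unix) {
            print "account: pam_faillock must come before pam_unix"; bad = 1 }
        exit bad + 0
    }' "$@"
}

# Constructed sample with two mistakes: authfail sits before pam_unix, and the
# account lines are in the wrong order. Both are reported.
check_faillock_order <<'EOF' || echo "stack rejected, keep the old system-auth"
auth     required  pam_faillock.so preauth audit deny=3 unlock_time=60
auth     required  pam_faillock.so authfail audit deny=3 fail_interval=60 unlock_time=60
auth     required  pam_unix.so try_first_pass likeauth nullok
account  required  pam_unix.so
account  required  pam_faillock.so
EOF
```

Run it against the edited copy, for example `check_faillock_order /etc/pam.d/system-auth`, while a root shell is still open.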