funtoo forums

Search the Community

Showing results for tags 'pam'.



Found 1 result

  1. Oleg Vinichenko

    PAM: faillock integration

    The pam-1.3.0-r3 ebuild introduces the faillock capability from Red Hat. This allows locking a user account after consecutive failed login attempts. After a number of attempts (can be configured), the account will be locked for a certain time (can be configured).

    Testing can be performed as follows. Set the keywords for the sys-libs/pam ebuild and install the new version:

        echo "=sys-libs/pam-1.3.0-r3 **" >> /etc/portage/package.accept_keywords
        emerge -1u pam

    After installation, edit /etc/pam.d/system-auth with an editor and put in the lines pointed out:

        auth      required  pam_env.so
        auth      required  pam_faillock.so preauth audit deny=3 unlock_time=60
        auth      required  pam_unix.so try_first_pass likeauth nullok
        auth      required  pam_faillock.so authfail audit deny=3 fail_interval=60 unlock_time=60
        auth      optional  pam_permit.so
        account   required  pam_faillock.so
        account   required  pam_unix.so
        account   optional  pam_permit.so
        password  required  pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
        password  required  pam_unix.so try_first_pass use_authtok nullok sha512 shadow
        password  optional  pam_permit.so
        session   required  pam_limits.so
        session   required  pam_env.so
        session   required  pam_unix.so
        session   optional  pam_permit.so

    Notice the lines in bold red. It is very important that the first line in the auth part is before the pam_unix module. The second line must be after the pam_unix module. In the account part, the pam_faillock module is needed before the pam_unix module.

    In the example, 3 attempts are set for the locking. After that, the account will be locked, and in the console you will see a message that the account is locked for 60 seconds, in the example. After that period of time, the account will be released. To review the state, you can use the faillock utility installed by pam. For more advanced options, follow the faillock and pam_faillock manual pages.

    In case mistakes are made in the configuration, please have a live CD to boot from to alter the changes in /etc/pam.d/system-auth. It is a wise decision to keep a copy of it somewhere before the tests.
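
The three ordering rules from the post above can be checked mechanically before logging out. This is an added example, not part of the original post or the Funtoo ebuild; the function names and `SAMPLE` are assumptions, with `SAMPLE` constructed from the auth and account lines shown in the post.

```python
import re
import sys

# Constructed sample: auth and account lines taken from the post's system-auth.
SAMPLE = """\
auth     required pam_env.so
auth     required pam_faillock.so preauth audit deny=3 unlock_time=60
auth     required pam_unix.so try_first_pass likeauth nullok
auth     required pam_faillock.so authfail audit deny=3 fail_interval=60 unlock_time=60
account  required pam_faillock.so
account  required pam_unix.so
"""

LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Parse 'type control module args' lines (control may be a [bracketed list])
    into {type: [(module, [args]), ...]} in file order, ignoring comments."""
    stacks = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            kind, _control, module, args = m.groups()
            stacks.setdefault(kind, []).append((module.rsplit("/", 1)[-1], args.split()))
    return stacks

def positions(stack, module, flag=None):
    return [i for i, (mod, args) in enumerate(stack)
            if mod == module and (flag is None or flag in args)]

def check_faillock(text):
    """Return a list of problems; an empty list means all three rules hold."""
    stacks = parse_stack(text)
    auth, account = stacks.get("auth", []), stacks.get("account", [])
    unix = positions(auth, "pam_unix.so")
    pre = positions(auth, "pam_faillock.so", "preauth")
    fail = positions(auth, "pam_faillock.so", "authfail")
    acct_fl, acct_unix = positions(account, "pam_faillock.so"), positions(account, "pam_unix.so")
    problems = []
    if not (pre and unix and pre[0] < unix[0]):
        problems.append("auth: need pam_faillock.so preauth before pam_unix.so")
    if not (fail and unix and fail[-1] > unix[-1]):
        problems.append("auth: need pam_faillock.so authfail after pam_unix.so")
    if not (acct_fl and acct_unix and acct_fl[0] < acct_unix[0]):
        problems.append("account: need pam_faillock.so before pam_unix.so")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_faillock(text)) or "ok: faillock ordering matches the post")
```

Pass the path to the edited file as the first argument to check it; with no argument the script checks the embedded sample.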