diff options
author | Sam James <sam@gentoo.org> | 2020-10-12 15:25:20 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2020-10-12 15:27:54 +0000 |
commit | f28eb0e9d1f9d46d6d4d17164a1ed98461c2a377 (patch) | |
tree | 023b18b2bbc968e88c02e980bf077ef9daee90c9 | |
parent | templates/system-login.tpl: move systemd, elogind blocks here (diff) | |
parent | switch pam_faillock.so to its config file (diff) | |
download | pambase-f28eb0e9d1f9d46d6d4d17164a1ed98461c2a377.tar.gz pambase-f28eb0e9d1f9d46d6d4d17164a1ed98461c2a377.tar.bz2 pambase-f28eb0e9d1f9d46d6d4d17164a1ed98461c2a377.zip |
templates/system-login.tpl: remove duplicate block from system-auth (again)
Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r-- | templates/system-auth.tpl | 5 | ||||
-rw-r--r-- | templates/system-login.tpl | 6 |
2 files changed, 6 insertions, 5 deletions
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index f8484f1..11319d6 100644 --- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -9,11 +9,6 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }} auth optional pam_permit.so -{% if not minimal %} -auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 -auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass -auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 -{% endif %} {% if krb5 %} account [success=1 default=ignore] pam_krb5.so {{ krb5_params }} diff --git a/templates/system-login.tpl b/templates/system-login.tpl index 889c2d7..25843f5 100644 --- a/templates/system-login.tpl +++ b/templates/system-login.tpl @@ -2,6 +2,12 @@ auth required pam_shells.so {{ debug|default('', true) }} auth required pam_nologin.so auth include system-auth +{% if not minimal %} +auth required pam_faillock.so preauth conf=/etc/security/faillock.conf +auth sufficient pam_unix.so nullok try_first_pass +auth [default=die] pam_faillock.so authfail +{% endif %} + account required pam_access.so {{ debug|default('', true) }} account required pam_nologin.so account include system-auth |