diff options
Diffstat (limited to 'patches/source/util-linux/pam.d/login')
-rw-r--r-- | patches/source/util-linux/pam.d/login | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/patches/source/util-linux/pam.d/login b/patches/source/util-linux/pam.d/login new file mode 100644 index 000000000..8b6792263 --- /dev/null +++ b/patches/source/util-linux/pam.d/login @@ -0,0 +1,20 @@ +#%PAM-1.0 +auth required pam_securetty.so +# When using pam_faillock, print a message to the user if the account is +# locked. This lets the user know what is going on, but it also potentially +# gives additional information to attackers: +#auth requisite pam_faillock.so preauth +auth include system-auth +# To set a limit on failed authentications, the pam_faillock module +# can be enabled. See pam_faillock(8) for more information. +#auth [default=die] pam_faillock.so authfail +#auth sufficient pam_faillock.so authsucc +auth include postlogin +account required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth +session include postlogin +session required pam_loginuid.so +-session optional pam_ck_connector.so nox11 +-session optional pam_elogind.so |