Diffstat (limited to 'source/a/util-linux/pam.d/login')
-rw-r--r--source/a/util-linux/pam.d/login11
1 files changed, 8 insertions, 3 deletions
diff --git a/source/a/util-linux/pam.d/login b/source/a/util-linux/pam.d/login
index 9209ef5bf..1e965f11e 100644
--- a/source/a/util-linux/pam.d/login
+++ b/source/a/util-linux/pam.d/login
@@ -1,9 +1,14 @@
#%PAM-1.0
auth required pam_securetty.so
-# To set a limit on failed authentications, the pam_tally2 module
-# can be enabled. See pam_tally2(8) for options.
-#auth required pam_tally2.so deny=4 unlock_time=1200
+# When using pam_faillock, print a message to the user if the account is
+# locked. This lets the user know what is going on, but it also potentially
+# gives additional information to attackers:
+#auth requisite pam_faillock.so preauth
auth include system-auth
+# To set a limit on failed authentications, the pam_faillock module
+# can be enabled. See pam_faillock(8) for more information.
+#auth [default=die] pam_faillock.so authfail
+#auth sufficient pam_faillock.so authsucc
auth include postlogin
account required pam_nologin.so
account include system-auth
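Review bot: The commented-out `authfail` and `authsucc` lines sit after `auth include system-auth`, and whether they behave correctly once uncommented depends on how that included stack ends, which this diff does not show. If a successful module in system-auth is `sufficient`, the auth stack presumably returns before `authsucc` is reached, so nothing visible here would clear the failure counter; if success falls through instead, the `authfail` line would also run for successful logins. The example in pam_faillock(8) skips `authfail` on success with a jump on the password module and also lists `account required pam_faillock.so`, which the account section here does not have. I would extend the comment to say this, for example `# Enable the preauth, authfail and authsucc lines together, add "account required pam_faillock.so" below, and check the result against system-auth.` The removed pam_tally2 line carried `deny=4 unlock_time=1200` while the new lines carry no options, so the comment could also say where the thresholds are now set.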