The modification of the password lockout rule to use pam_tally2 was based on the following:

http://secureos.wordpress.com/category/rhel6/page/2/

This was written specifically for RHEL6, for what it's worth. Taking Steve's guidance in mind, I went looking for guidance for pam_faillock, which led to:

http://linux0wned.blogspot.com/2011/06/pamfaillock.html

...which references a pam_unix.so line -- I see no such line in /etc/pam.d/login.

The pam_faillock man page shows two configuration examples, both referring to /etc/pam.d/login -- neither example resembles that file on my RHEL6 system. My /pam.d/login file contains several references to system-auth, unlike the man page example which just lists pam modules.

Does anyone have definitive documentation on proper implementation of pam_faillock that will serve our purposes here?

Thanks,

David
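
Added example, not part of the original post or of any project's documentation: the message above observes that /etc/pam.d/login refers to system-auth instead of listing modules directly. This Python script expands include/substack lines to show which file a module such as pam_unix.so actually comes from; the sample file contents and all function names are constructed for illustration.

```python
# Constructed sample files modelled on the layout described in the post
# (login pulling in system-auth); not copied from a real system.
SAMPLE = {
    "login": (
        "auth     required   pam_securetty.so\n"
        "auth     include    system-auth\n"
        "account  required   pam_nologin.so\n"
        "account  include    system-auth\n"
    ),
    "system-auth": (
        "auth     required   pam_env.so\n"
        "auth     sufficient pam_unix.so nullok try_first_pass\n"
        "auth     required   pam_deny.so\n"
        "account  required   pam_unix.so\n"
    ),
}

def read_service(name, files=None):
    """Text of a PAM service file: from the `files` dict if given, else from disk."""
    if files is not None:
        return files[name]
    with open("/etc/pam.d/" + name) as fh:
        return fh.read()

def effective_stack(service, files=None, chain=()):
    """Yield (type, control, module, source_file) with include/substack expanded."""
    if service in chain:  # stop on include loops
        return
    for raw in read_service(service, files).splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # A leading "-" on the type only silences missing-module logging.
        mtype, rest = line.lstrip("-").split(None, 1)
        if rest.startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            end = rest.index("]") + 1
            control, rest = rest[:end], rest[end:]
        else:
            control, rest = rest.split(None, 1)
        module = rest.split()[0]
        if control in ("include", "substack"):
            for entry in effective_stack(module, files, chain + (service,)):
                if entry[0] == mtype:  # only lines of the same type are pulled in
                    yield entry
        else:
            yield (mtype, control, module, service)

def locate(module, service, files=None):
    """List (type, source_file) for each place `module` sits in the stack of `service`."""
    return [(t, src) for t, _, m, src in effective_stack(service, files) if m == module]
```

Calling locate("pam_unix.so", "login") with no files argument reads the real files under /etc/pam.d on the system where it runs.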


_______________________________________________
scap-security-guide mailing list
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide