>From 6313df4be6a0c8a24188649ea9da3244d964c6b0 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Thu, 14 Mar 2013 20:40:15 -0400 Subject: [PATCH] [bugfix] ticket 377: RHEL-06-000061 breaks sudo Corrected location to place pam_faillock within the system-auth config file
Previously, sudo would result in an immediate "invalid password" error and prevent GNOME logins Thank you to Michael D. for reporting, and Leland S. for the fix! --- RHEL6/input/system/accounts/pam.xml | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/system/accounts/pam.xml b/RHEL6/input/system/accounts/pam.xml index 3a11bef..0253b48 100644 --- a/RHEL6/input/system/accounts/pam.xml +++ b/RHEL6/input/system/accounts/pam.xml @@ -395,7 +395,8 @@ and a second to use unlock_time and set it to a Value To configure the system to lock out accounts after a number of incorrect login attempts using <tt>pam_faillock.so</tt>: <br /><br /> -Add the following lines immediately below the <tt>pam_env.so</tt> statement in <tt>/etc/pam.d/system-auth</tt>: +Add the following lines immediately below the <tt>pam_unix.so</tt> statement in <tt>AUTH</tt> section of +<tt>/etc/pam.d/system-auth</tt>: <pre>auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900</pre> <pre>auth required pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900</pre> </description> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
