They're cascaded via the "include" directives included in login (as well as most others, i.e. sshd, gdm, sudo).
Thus system-auth changes carry over to all other subsystems, not just login. Man pages for system-auth and system-auth-ac give some background. The use of pam.d/login in the pam_faillock man page is simply an example on its use. -Nick -- Nicholas P. Crawford, Contractor Senior UNIX Systems Administrator Manufacturing Techniques, Inc. (MTEQ) NVESD Network Services Branch, US Army email: [email protected] NIPR: [email protected] SIPR: [email protected] work: 703.704.2299 dsn: 312.654.2299 cell: 571.225.1283 > -----Original Message----- > From: Sean [mailto:[email protected]] > Sent: Monday, November 23, 2015 2:41 PM > To: [email protected] > Subject: [Non-DoD Source] Question on use of pam_faillock.so in > account lockout remediation > > Hi, > > I was curious if someone could point me toward the reasoning behind > why these remediation scripts are using /etc/pam.d/system- auth and > /etc/pam.d/password-auth? It seems like the man page for pam_faillock > directs the usage to /etc/pam.d/login instead. > > Thank you kindly, > > > --Sean
smime.p7s
Description: S/MIME cryptographic signature
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
