Mr. Crawford, Thank you, for that! I had an inkling that was all there was to it, but I had read a blog somewhere on pam_faillock that was using language like "needs to be in /etc/pam.d/login".
- Sean Alderman "Peace begins with a smile." - Blessed Mother Teresa On Mon, Nov 23, 2015 at 3:06 PM, Crawford, Nicholas P CTR USARMY RDECOM CERDEC (US) <[email protected]> wrote: > They're cascaded via the "include" directives included in login (as well as > most others, i.e. sshd, gdm, sudo). > > Thus system-auth changes carry over to all other subsystems, not just > login. > > Man pages for system-auth and system-auth-ac give some background. > > The use of pam.d/login in the pam_faillock man page is simply an example on > its use. > > -Nick > > -- > Nicholas P. Crawford, Contractor > Senior UNIX Systems Administrator > Manufacturing Techniques, Inc. (MTEQ) > NVESD Network Services Branch, US Army > email: [email protected] > NIPR: [email protected] > SIPR: [email protected] > work: 703.704.2299 dsn: 312.654.2299 > cell: 571.225.1283 > > > > -----Original Message----- > > From: Sean [mailto:[email protected]] > > Sent: Monday, November 23, 2015 2:41 PM > > To: [email protected] > > Subject: [Non-DoD Source] Question on use of pam_faillock.so in > > account lockout remediation > > > > Hi, > > > > I was curious if someone could point me toward the reasoning behind > > why these remediation scripts are using /etc/pam.d/system- auth and > > /etc/pam.d/password-auth? It seems like the man page for pam_faillock > > directs the usage to /etc/pam.d/login instead. > > > > Thank you kindly, > > > > > > --Sean > >
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
