The PAM stack is modified, adding lines for pam_faillock.so.

The authfail line is inserted "after pam_unix.so".  When there are 
alternative authentication methods (e.g. pam_krb5.so or pam_sssd.so), this 
breaks them.

It would be better to add this line "before pam_deny.so" instead.   This would 
still have the desired effect, without breaking alternative authentication 
methods.

What's the best path to get this change made?

Thanks.
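
An added example, not part of the original message: a Python check that lists the modules able to succeed that sit after the pam_faillock.so authfail line in an auth stack. The two stacks are constructed samples, and the function names and the `sufficient` / `success=` heuristic are assumptions of this example.

```python
import re

# type, control (single word or [bracketed list]), module path, optional arguments
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_auth_stack(text):
    """Return (control, module, args) for each 'auth' line, in stack order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = PAM_LINE.match(line)
        if m and m.group(1) == "auth":
            module = m.group(3).rsplit("/", 1)[-1]   # tolerate absolute module paths
            stack.append((m.group(2), module, m.group(4).split()))
    return stack

def shadowed_by_authfail(text):
    """Modules that could succeed but are placed after the authfail line."""
    stack = parse_auth_stack(text)
    authfail = next((i for i, (_, mod, args) in enumerate(stack)
                     if mod == "pam_faillock.so" and "authfail" in args), None)
    if authfail is None:
        return []
    # Heuristic (assumption): 'sufficient' or a 'success=' action marks an authenticator
    return [mod for ctl, mod, _ in stack[authfail + 1:]
            if mod != "pam_faillock.so" and (ctl == "sufficient" or "success=" in ctl)]

# Constructed sample: authfail directly after pam_unix.so
AFTER_UNIX = """\
auth required      pam_env.so
auth required      pam_faillock.so preauth silent
auth sufficient    pam_unix.so try_first_pass
auth [default=die] pam_faillock.so authfail
auth sufficient    pam_krb5.so use_first_pass
auth required      pam_deny.so
"""

# Constructed sample: authfail moved to just before pam_deny.so
BEFORE_DENY = """\
auth required      pam_env.so
auth required      pam_faillock.so preauth silent
auth sufficient    pam_unix.so try_first_pass
auth sufficient    pam_krb5.so use_first_pass
auth [default=die] pam_faillock.so authfail
auth required      pam_deny.so
"""

if __name__ == "__main__":
    print("after pam_unix.so :", shadowed_by_authfail(AFTER_UNIX))
    print("before pam_deny.so:", shadowed_by_authfail(BEFORE_DENY))
```
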
