summaryrefslogtreecommitdiffstats
path: root/abs/core/pambase/system-auth
diff options
context:
space:
mode:
Diffstat (limited to 'abs/core/pambase/system-auth')
-rw-r--r--abs/core/pambase/system-auth32
1 files changed, 21 insertions, 11 deletions
diff --git a/abs/core/pambase/system-auth b/abs/core/pambase/system-auth
index 2645043..af1d3a6 100644
--- a/abs/core/pambase/system-auth
+++ b/abs/core/pambase/system-auth
@@ -1,16 +1,26 @@
#%PAM-1.0
-auth required pam_unix.so try_first_pass nullok
-auth optional pam_permit.so
-auth required pam_env.so
+auth required pam_faillock.so preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+auth [success=2 default=ignore] pam_unix.so try_first_pass nullok
+-auth [success=1 default=ignore] pam_systemd_home.so
+auth [default=die] pam_faillock.so authfail
+auth optional pam_permit.so
+auth required pam_env.so
+auth required pam_faillock.so authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
-account required pam_unix.so
-account optional pam_permit.so
-account required pam_time.so
+-account [success=1 default=ignore] pam_systemd_home.so
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
-password required pam_unix.so try_first_pass nullok sha512 shadow
-password optional pam_permit.so
+-password [success=1 default=ignore] pam_systemd_home.so
+password required pam_unix.so try_first_pass nullok shadow
+password optional pam_permit.so
-session required pam_limits.so
-session required pam_unix.so
-session optional pam_permit.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
generated by cgit v0.12 at 2024-05-02 10:37:06 (GMT)