Hi everyone,
I am using this guide here to mod PAM using authconfig. Now I am looking for some tips or suggestions to accomplish my goal as smoothly as possible.My goal is being able to set lockouts for failed password attempts.So what would be the easiest way to use authconfig to mod PAM ?
Fedora Linux has switched from authconfig to authselect in recent versions. It looks like authselect does have a with-faillock feature. I’m not really familiar with it though. I use fail2ban instead.
# authselect current
Profile ID: sssd
Enabled features:
- with-silent-lastlog
- with-mdns4
# authselect list-features sssd
with-altfiles
with-ecryptfs
with-faillock
with-files-access-provider
with-files-domain
with-fingerprint
with-gssapi
with-mdns4
with-mdns6
with-mkhomedir
with-pam-gnome-keyring
with-pam-u2f
with-pam-u2f-2fa
with-pamaccess
with-silent-lastlog
with-smartcard
with-smartcard-lock-on-removal
with-smartcard-required
with-subid
with-sudo
without-nullok
without-pam-u2f-nouserok
# authselect enable-feature with-faillock
Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
# authselect current
Profile ID: sssd
Enabled features:
- with-silent-lastlog
- with-mdns4
- with-faillock
1 Like