I am using this guide here to mod PAM using authconfig. Now I am looking for some tips or suggestions to accomplish my goal as smoothly as possible.My goal is being able to set lockouts for failed password attempts.So what would be the easiest way to use authconfig to mod PAM ?
Fedora Linux has switched from authconfig to authselect in recent versions. It looks like authselect does have a
with-faillock feature. I’m not really familiar with it though. I use fail2ban instead.
# authselect current Profile ID: sssd Enabled features: - with-silent-lastlog - with-mdns4 # authselect list-features sssd with-altfiles with-ecryptfs with-faillock with-files-access-provider with-files-domain with-fingerprint with-gssapi with-mdns4 with-mdns6 with-mkhomedir with-pam-gnome-keyring with-pam-u2f with-pam-u2f-2fa with-pamaccess with-silent-lastlog with-smartcard with-smartcard-lock-on-removal with-smartcard-required with-subid with-sudo without-nullok without-pam-u2f-nouserok # authselect enable-feature with-faillock Make sure that SSSD service is configured and enabled. See SSSD documentation for more information. # authselect current Profile ID: sssd Enabled features: - with-silent-lastlog - with-mdns4 - with-faillock