[gentoo-commits] proj/pambase:master commit in: /

Mikle Kolyada Thu, 18 Jun 2020 03:12:23 -0700

commit:     75cd44e94032b13bba41539737d6ac63623217e1
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 18 10:02:10 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Thu Jun 18 10:08:38 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=75cd44e9


move faillock last in auth

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 system-auth.in  | 12 ++++++------
 system-login.in | 11 ++++++-----
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/system-auth.in b/system-auth.in
index 6eea7bc..9ae09e4 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -2,12 +2,6 @@
 auth           required        pam_env.so DEBUG
 #endif
 
-#if HAVE_FAILLOCK
-auth            required        pam_faillock.so preauth silent audit deny=3 
unlock_time=600
-auth            sufficient      pam_unix.so nullok try_first_pass
-auth            [default=die]   pam_faillock.so authfail audit deny=3 
unlock_time=600
-#endif
-
 #if HAVE_PAM_SSH
 auth           sufficient      pam_ssh.so
 #endif
@@ -18,6 +12,12 @@ auth         required        pam_unix.so try_first_pass 
LIKEAUTH NULLOK DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a 
bad jump. */
 auth           optional        pam_permit.so
 
+#if HAVE_FAILLOCK
+auth            required        pam_faillock.so preauth silent audit deny=3 
unlock_time=600
+auth            sufficient      pam_unix.so nullok try_first_pass
+auth            [default=die]   pam_faillock.so authfail audit deny=3 
unlock_time=600
+#endif
+
 #if HAVE_KRB5
 account                KRB5_CONTROL    pam_krb5.so KRB5_PARAMS
 #endif

diff --git a/system-login.in b/system-login.in
index 9e82d60..ee03613 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,8 +1,3 @@
-#if HAVE_FAILLOCK
-auth            required        pam_faillock.so preauth silent audit deny=3 
unlock_time=600
-auth            sufficient     pam_unix.so nullok try_first_pass
-auth            [default=die]   pam_faillock.so authfail audit deny=3 
unlock_time=600
-#endif
 
 #if HAVE_SHELLS
 auth           required        pam_shells.so DEBUG
@@ -12,6 +7,12 @@ auth          required        pam_nologin.so DEBUG_NOLOGIN
 #endif
 auth           include         system-auth
 
+#if HAVE_FAILLOCK
+auth            required        pam_faillock.so preauth silent audit deny=3 
unlock_time=600
+auth            sufficient      pam_unix.so nullok try_first_pass
+auth            [default=die]   pam_faillock.so authfail audit deny=3 
unlock_time=600
+#endif
+
 #if HAVE_ACCESS
 account                required        pam_access.so DEBUG
 #endif

[gentoo-commits] proj/pambase:master commit in: /

Reply via email to