Score:1

How to configure pam_faillock in common-*?

I noticed that Fedora/Red Hat has the tools authselect/authconfig to configure pam_faillock in system-auth, so it will work in the system-wide auth phase.

Ubuntu uses pam-auth-update to configure the system-wide common-* files. I didn't find a way to use pam-auth-update to add pam_faillock to common-*, because pam_faillock needs to be configured for both the authsucc and authfail conditions. So I have to add pam_faillock to common-* manually, and common-* may be overridden when another PAM module, such as libpam-sss, is upgraded.

Is there any method to configure pam_faillock elegantly in Ubuntu?

Score:0

Bit late, but I've been looking into this myself and the below should work.

You'll need to create one or two pam-config files under /usr/share/pam-configs/

This one will enable the faillock functionality. You may just need to modify your /etc/security/faillock.conf file as needed.

# /usr/share/pam-configs/my_faillock
Name: Enforce failed login attempt counter
Default: no
Priority: 0
Auth-Type: Primary
Auth:
    [default=die]   pam_faillock.so authfail
    sufficient  pam_faillock.so authsucc

This one will notify (both cli and gui) if the account in question is locked.

# /usr/share/pam-configs/my_faillock_notify
Name: Notify of failed login attempts
Default: no
Priority: 1024
Auth-Type: Primary
Auth:
    requisite   pam_faillock.so preauth

After creating the above, you can enable with the pam-auth-update command.

I think technically, we aren't supposed to create files in this location, but it seems better than directly modifying files in /etc/pam.d/

See here for more info: https://wiki.ubuntu.com/PAMConfigFrameworkSpec
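
Added example, not part of the answer above: in PAM, a `success=N` control on pam_unix.so skips the next N lines, so it decides which pam_faillock lines actually run. This sketch checks an auth stack, such as the text of /etc/pam.d/common-auth after pam-auth-update has run, for that ordering. Both sample stacks and all function names are constructed for illustration.

```python
import re

# Constructed sample stacks (not output captured from a real system).
GOOD = """\
auth  requisite                   pam_faillock.so preauth
auth  [success=1 default=ignore]  pam_unix.so nullok
auth  [default=die]               pam_faillock.so authfail
auth  sufficient                  pam_faillock.so authsucc
auth  requisite                   pam_deny.so
"""
# Same lines, but the success jump lands past authsucc, so counters never reset.
SKIPS_AUTHSUCC = GOOD.replace("success=1", "success=3") + "auth  required  pam_permit.so\n"

def parse_auth_stack(text):
    """Return [(control, module, args)] for every 'auth' line, in file order."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line.split("#", 1)[0].strip())
        if m:
            stack.append((m.group(1), m.group(2), m.group(3).split()))
    return stack

def check_faillock(text):
    """Return a list of ordering problems; an empty list means none were found."""
    stack = parse_auth_stack(text)

    def find(module, arg=None):
        hits = [i for i, (_, mod, args) in enumerate(stack)
                if mod == module and (arg is None or arg in args)]
        return hits[0] if hits else None

    unix = find("pam_unix.so")
    if unix is None:
        return ["no pam_unix.so auth line found"]
    pre, fail, succ = (find("pam_faillock.so", a) for a in ("preauth", "authfail", "authsucc"))
    problems = []
    if pre is None or pre > unix:
        problems.append("preauth missing or after pam_unix.so")
    if fail is None or fail < unix:
        problems.append("authfail missing or before pam_unix.so")
    if succ is None:
        problems.append("authsucc missing")
    jump = re.search(r"success=(\d+)", stack[unix][0])
    if jump:
        target = unix + 1 + int(jump.group(1))  # first line that runs after a success
        if fail is not None and fail >= target:
            problems.append("authfail runs after a successful password check")
        if succ is not None and unix < succ < target:
            problems.append("authsucc is skipped by the pam_unix.so success jump")
    return problems
```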
