192 |
- |
1 |
# Configuration for locking the user after multiple failed
|
|
|
2 |
# authentication attempts.
|
|
|
3 |
#
|
|
|
4 |
# The directory where the user files with the failure records are kept.
|
|
|
5 |
# The default is /var/run/faillock.
|
|
|
6 |
# dir = /var/run/faillock
|
|
|
7 |
#
|
|
|
8 |
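# Will log the user name into the system log if the user is not found.
# Note: anything typed at the user name prompt, including a password
# entered there by mistake, is then written to the log.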
|
|
|
9 |
# Enabled if option is present.
|
|
|
10 |
# audit
|
|
|
11 |
#
|
|
|
12 |
# Don't print informative messages.
|
|
|
13 |
# Enabled if option is present.
|
|
|
14 |
# silent
|
|
|
15 |
#
|
|
|
16 |
# Don't log informative messages via syslog.
|
|
|
17 |
# Enabled if option is present.
|
|
|
18 |
# no_log_info
|
|
|
19 |
#
|
|
|
20 |
# Only track failed user authentication attempts for local users
|
|
|
21 |
# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
|
|
|
22 |
# The `faillock` command will also no longer track failed user
|
|
|
23 |
# authentication attempts. Enabling this option will prevent a
|
|
|
24 |
# double-lockout scenario where a user is locked out locally and
|
|
|
25 |
# in the centralized mechanism.
|
|
|
26 |
# Enabled if option is present.
|
|
|
27 |
# local_users_only
|
|
|
28 |
#
|
|
|
29 |
# Deny access if the number of consecutive authentication failures
|
|
|
30 |
# for this user during the recent interval exceeds n tries.
|
|
|
31 |
# The default is 3.
|
|
|
32 |
# deny = 3
|
|
|
33 |
#
|
|
|
34 |
# The length of the interval during which the consecutive
|
|
|
35 |
# authentication failures must happen for the user account
|
|
|
36 |
# lock out is n seconds.
|
|
|
37 |
# The default is 900 (15 minutes).
|
|
|
38 |
# fail_interval = 900
|
|
|
39 |
#
|
|
|
40 |
# Access will be re-enabled n seconds after the lock out.
|
|
|
41 |
# The value 0 has the same meaning as value `never` - the access
|
|
|
42 |
# will not be reenabled without resetting the faillock
|
|
|
43 |
# entries by the `faillock` command.
|
|
|
44 |
# The default is 600 (10 minutes).
|
|
|
45 |
# unlock_time = 600
|
|
|
46 |
#
|
|
|
47 |
# Root account can become locked as well as regular accounts.
|
|
|
48 |
# Enabled if option is present.
|
|
|
49 |
# even_deny_root
|
|
|
50 |
#
|
|
|
51 |
# This option implies the `even_deny_root` option.
|
|
|
52 |
# Allow access after n seconds to root account after the
|
|
|
53 |
# account is locked. In case the option is not specified
|
|
|
54 |
# the value is the same as that of the `unlock_time` option.
|
|
|
55 |
# root_unlock_time = 900
|
|
|
56 |
#
|
|
|
57 |
# If a group name is specified with this option, members
|
|
|
58 |
# of the group will be handled by this module the same as
|
|
|
59 |
# the root account (the options `even_deny_root` and
|
|
|
60 |
# `root_unlock_time` will apply to them).
|
|
|
61 |
# By default, the option is not set.
|
|
|
62 |
# admin_group = <admin_group_name>
|