Blame | Last modification | View Log | RSS feed
# Configuration for locking the user after multiple failed# authentication attempts.## The directory where the user files with the failure records are kept.# The default is /var/run/faillock.# dir = /var/run/faillock## Will log the user name into the system log if the user is not found.# Enabled if option is present.# audit## Don't print informative messages.# Enabled if option is present.# silent## Don't log informative messages via syslog.# Enabled if option is present.# no_log_info## Only track failed user authentications attempts for local users# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.# The `faillock` command will also no longer track user failed# authentication attempts. Enabling this option will prevent a# double-lockout scenario where a user is locked out locally and# in the centralized mechanism.# Enabled if option is present.# local_users_only## Deny access if the number of consecutive authentication failures# for this user during the recent interval exceeds n tries.# The default is 3.# deny = 3## The length of the interval during which the consecutive# authentication failures must happen for the user account# lock out is <replaceable>n</replaceable> seconds.# The default is 900 (15 minutes).# fail_interval = 900## The access will be reenabled after n seconds after the lock out.# The value 0 has the same meaning as value `never` - the access# will not be reenabled without resetting the faillock# entries by the `faillock` command.# The default is 600 (10 minutes).# unlock_time = 600## Root account can become locked as well as regular accounts.# Enabled if option is present.# even_deny_root## This option implies the `even_deny_root` option.# Allow access after n seconds to root account after the# account is locked. In case the option is not specified# the value is the same as of the `unlock_time` option.# root_unlock_time = 900## If a group name is specified with this option, members# of the group will be handled by this module the same as# the root account (the options `even_deny_root>` and# `root_unlock_time` will apply to them.# By default, the option is not set.# admin_group = <admin_group_name>