%PDF- %PDF-
Direktori : /etc/security/ |
Current File : //etc/security/faillock.conf |
# Configuration for locking the user after multiple failed # authentication attempts. # # The directory where the user files with the failure records are kept. # The default is /var/run/faillock. # dir = /var/run/faillock # # Will log the user name into the system log if the user is not found. # Enabled if option is present. # audit # # Don't print informative messages. # Enabled if option is present. # silent # # Don't log informative messages via syslog. # Enabled if option is present. # no_log_info # # Only track failed user authentications attempts for local users # in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users. # The `faillock` command will also no longer track user failed # authentication attempts. Enabling this option will prevent a # double-lockout scenario where a user is locked out locally and # in the centralized mechanism. # Enabled if option is present. # local_users_only # # Deny access if the number of consecutive authentication failures # for this user during the recent interval exceeds n tries. # The default is 3. # deny = 3 # # The length of the interval during which the consecutive # authentication failures must happen for the user account # lock out is <replaceable>n</replaceable> seconds. # The default is 900 (15 minutes). # fail_interval = 900 # # The access will be reenabled after n seconds after the lock out. # The value 0 has the same meaning as value `never` - the access # will not be reenabled without resetting the faillock # entries by the `faillock` command. # The default is 600 (10 minutes). # unlock_time = 600 # # Root account can become locked as well as regular accounts. # Enabled if option is present. # even_deny_root # # This option implies the `even_deny_root` option. # Allow access after n seconds to root account after the # account is locked. In case the option is not specified # the value is the same as of the `unlock_time` option. # root_unlock_time = 900 # # If a group name is specified with this option, members # of the group will be handled by this module the same as # the root account (the options `even_deny_root>` and # `root_unlock_time` will apply to them. # By default, the option is not set. # admin_group = <admin_group_name>