1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- # Configuration for locking the user after multiple failed
- # authentication attempts.
- #
- # The directory where the user files with the failure records are kept.
- # The default is /var/run/faillock.
- # dir = /var/run/faillock
- #
- # Will log the user name into the system log if the user is not found.
- # Enabled if option is present.
- # audit
- #
- # Don't print informative messages.
- # Enabled if option is present.
- # silent
- #
- # Don't log informative messages via syslog.
- # Enabled if option is present.
- # no_log_info
- #
- # Only track failed user authentications attempts for local users
- # in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
- # The `faillock` command will also no longer track user failed
- # authentication attempts. Enabling this option will prevent a
- # double-lockout scenario where a user is locked out locally and
- # in the centralized mechanism.
- # Enabled if option is present.
- # local_users_only
- #
- # Deny access if the number of consecutive authentication failures
- # for this user during the recent interval exceeds n tries.
- # The default is 3.
- # deny = 3
- #
- # The length of the interval during which the consecutive
- # authentication failures must happen for the user account
- # lock out is <replaceable>n</replaceable> seconds.
- # The default is 900 (15 minutes).
- # fail_interval = 900
- #
- # The access will be re-enabled after n seconds after the lock out.
- # The value 0 has the same meaning as value `never` - the access
- # will not be re-enabled without resetting the faillock
- # entries by the `faillock` command.
- # The default is 600 (10 minutes).
- # unlock_time = 600
- #
- # Root account can become locked as well as regular accounts.
- # Enabled if option is present.
- # even_deny_root
- #
- # This option implies the `even_deny_root` option.
- # Allow access after n seconds to root account after the
- # account is locked. In case the option is not specified
- # the value is the same as of the `unlock_time` option.
- # root_unlock_time = 900
- #
- # If a group name is specified with this option, members
- # of the group will be handled by this module the same as
- # the root account (the options `even_deny_root>` and
- # `root_unlock_time` will apply to them.
- # By default, the option is not set.
- # admin_group = <admin_group_name>
|