faillock Issues

Hi all,

I'm struggling to get faillock to work on RHEL8.4 build. I've assumed last couple of days that it's because I was using SSSD to join the server to Active Directory but I can't get a fresh out of box standalone build to work either.

I've seen a number of recommendations not to edit /etc/pam.d/system-auth and password-auth directly and my initial attempts to add the required syntax using the OpenSCAP STIG remediation scripts fare no better than manual attempts.

If I aim to lock out a local user by more than 3 failed password attempts faillock --user lists 3 entries for the user. passwd -S shows the account as PS.

Last attempt I tried to use the guide in https://access.redhat.com/solutions/5027331 - it just doesn't want to work for some reason. Am I making a frequently seen rookie error? Cheers