- Red Hat Enterprise Linux 7 (RHEL 7)
authconfigcommand removes the
faillockentries from PAM files.
faillockfor persistent settings in PAM files.
- Enable faillock using authconfig command.
# authconfig --enablefaillock --faillockargs="deny=6 unlock_time=1200" --update
- For details of
faillock arguments, refer man page
- Above configuration places below line in file
password stack. This is not the right place, it needs to be corrected manually by referring
/etc/pam.d/system-auth. Bug Reference
# auth required pam_faillock.so authfail deny=6 unlock_time=1200
authconfigcommand updates file
# grep -i faillock /etc/sysconfig/authconfig FAILLOCKARGS="deny=6 unlock_time=1200" USEFAILLOCK=yes
- Faillock is not enabled in file
# grep USEFAILLOCK /etc/sysconfig/authconfig USEFAILLOCK=no
- Red Hat Enterprise Linux
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.