- Red Hat Enterprise Linux 7 (RHEL 7)
authconfig command removes the
faillock entries from PAM files.
faillock for persistent settings in PAM files.
1. Enable faillock using authconfig command.
# authconfig --enablefaillock --faillockargs="deny=6 unlock_time=1200" --update
- For details of
faillock arguments, refer man page
- Above configuration places below line in file
password stack. This is not the right place, it needs to be corrected manually by referring
/etc/pam.d/system-auth. Bug Reference
# auth required pam_faillock.so authfail deny=6 unlock_time=1200
authconfig command updates file
# grep -i faillock /etc/sysconfig/authconfig FAILLOCKARGS="deny=6 unlock_time=1200" USEFAILLOCK=yes
- Faillock is not enabled in file
# grep USEFAILLOCK /etc/sysconfig/authconfig USEFAILLOCK=no
- Red Hat Enterprise Linux
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.