What is the max value of pam_faillock unlock_time?

Solution Unverified - Updated -

Issue

  • What is the max value of pam_faillock unlock_time?

man page PAM_FAILLOCK(8):

       unlock_time=n
           The access will be reenabled after n seconds after the lock out. The default is 600 (10 minutes).

           If the n is set to never or 0 the access will not be reenabled at all until administrator explicitly reenables it with the faillock
           command. Note though that the default directory that pam_faillock uses is usually cleared on system boot so the access will be also
           reenabled after system reboot. If that is undesirable a different tally directory must be set with the dir option.

           Also note that it is usually undesirable to permanently lock out the users as they can become easily a target of denial of service attack
           unless the usernames are random and kept secret to potential attackers.

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content