- What is the max value of pam_faillock unlock_time?
man page PAM_FAILLOCK(8):
unlock_time=n The access will be reenabled after n seconds after the lock out. The default is 600 (10 minutes). If the n is set to never or 0 the access will not be reenabled at all until administrator explicitly reenables it with the faillock command. Note though that the default directory that pam_faillock uses is usually cleared on system boot so the access will be also reenabled after system reboot. If that is undesirable a different tally directory must be set with the dir option. Also note that it is usually undesirable to permanently lock out the users as they can become easily a target of denial of service attack unless the usernames are random and kept secret to potential attackers.
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7