What is the max value of pam_faillock unlock_time?

Solution Unverified - Updated -

Issue

  • What is the max value of pam_faillock unlock_time?

man page PAM_FAILLOCK(8):

       unlock_time=n
           The access will be reenabled after n seconds after the lock out. The default is 600 (10 minutes).

           If the n is set to never or 0 the access will not be reenabled at all until administrator explicitly reenables it with the faillock
           command. Note though that the default directory that pam_faillock uses is usually cleared on system boot so the access will be also
           reenabled after system reboot. If that is undesirable a different tally directory must be set with the dir option.

           Also note that it is usually undesirable to permanently lock out the users as they can become easily a target of denial of service attack
           unless the usernames are random and kept secret to potential attackers.

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In