What is the max value of pam_faillock unlock_time?
Issue
- What is the max value of pam_faillock unlock_time?
man page PAM_FAILLOCK(8):
unlock_time=n
The access will be reenabled after n seconds after the lock out. The default is 600 (10 minutes).
If the n is set to never or 0 the access will not be reenabled at all until administrator explicitly reenables it with the faillock
command. Note though that the default directory that pam_faillock uses is usually cleared on system boot so the access will be also
reenabled after system reboot. If that is undesirable a different tally directory must be set with the dir option.
Also note that it is usually undesirable to permanently lock out the users as they can become easily a target of denial of service attack
unless the usernames are random and kept secret to potential attackers.
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.