diff options
author | Thang Q. Nguyen <thang@os.amperecomputing.com> | 2023-02-27 07:20:50 +0300 |
---|---|---|
committer | Thang Q. Nguyen <thang@os.amperecomputing.com> | 2023-03-08 11:51:23 +0300 |
commit | 77d8382f1b7cff1cd97a19a51d40b6b8d3adb118 (patch) | |
tree | 3f80e1011a6a3071a1a17cb87b4dc09b59407ac1 /meta-ampere/meta-common/recipes-extended | |
parent | 9b2221aa5d2454db3c42277f9e11132759c20296 (diff) | |
download | openbmc-77d8382f1b7cff1cd97a19a51d40b6b8d3adb118.tar.xz |
meta-ampere: pam: set default unlock time to 1800
Ampere account lockout policy is defined as:
'Five consecutive failed login attempts will lock the account for 30 minutes".
While the login attempt was set to 5 already, the 30-minute lock period
(auto-unlock) has not been set.
This commit adds the missing 30-minute lockout by default.
Tested:
1. Enter WebUI -> User management
2. Click on Account policy settings and check if:
- Max failed login attempts: 5
- User unlock method: Automatic after timeout
- Timeout duration (seconds): 1800
Signed-off-by: Thang Q. Nguyen <thang@os.amperecomputing.com>
Change-Id: Ieed9a719c424a289687e66314f4c68de5d108b6e
Diffstat (limited to 'meta-ampere/meta-common/recipes-extended')
-rw-r--r-- | meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth index c79219f24d..508ef7a0cc 100644 --- a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth +++ b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth @@ -8,7 +8,7 @@ # traditional Unix authentication mechanisms. # here are the per-package modules (the "Primary" block) -auth [success=ok user_unknown=ignore default=2] pam_tally2.so deny=5 unlock_time=0 +auth [success=ok user_unknown=ignore default=2] pam_tally2.so deny=5 unlock_time=1800 # Try for local user first, and then try for ldap auth [success=2 default=ignore] pam_unix.so quiet -auth [success=1 default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail |