The pam_faillock module was wrongly used as basis for pam related restriction rules for SLE platforms.

Open teacup-on-rockingchair opened this issue 2 years ago • 1 comments

Share the context

The pam_faillock module was wrongly used as basis for pam related restriction rules for SLE platforms. The pam_tally2 should be used instead. Credit goes to @marcusburghardt for finding and handling that initially in the context of #7564.

Description of problem:

pam_faillock module is not installed by default on SUSE's SLE platforms and pam_tally module rules should be used instead.

Proposed change:

Review current rules used in SLE platform profiles that rely on pam_faillock and replace them with pam_tally

References:

  1. https://documentation.suse.com/sles/15-SP2/html/SLES-all/sec-sec-user-management.html
  2. #7564
  3. #9104

teacup-on-rockingchair avatar Jul 08 '22 07:07 teacup-on-rockingchair

My current status check of pam_faillock based rules for SLE platforms showed two main things:

  • Last service pack for the SLE15 platform supports out of box pam_faillock so those should be OK now on latest SLE15
  • for the SLE12 platform tried to address the issue in #9419 . Once I have merged other pending changes regarding ANSSI profiles will rebase the last and it will be also available for merg

teacup-on-rockingchair avatar Aug 29 '22 06:08 teacup-on-rockingchair
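
A host-side check related to the review discussed in this thread, added here as an example (not code from the issue or from the project): it reports which lockout module a PAM stack references and whether that module file is actually installed. The function names are hypothetical, and the directories in the usage comment are assumed typical locations, not taken from the thread.

```shell
#!/bin/sh
# Added example. Directories are passed in as arguments so the check can be
# pointed at a live system or at an extracted image.
# Usage (assumed typical paths):
#   check_lockout /etc/pam.d /lib64/security /usr/lib64/security

# lockout_modules_in_stack PAM_DIR
# Prints the distinct lockout modules named on active (non-comment) lines.
lockout_modules_in_stack() {
    grep -rhE '^[[:space:]]*[^#[:space:]]' "$1" 2>/dev/null |
        grep -oE 'pam_(faillock|tally2?)\.so' | sort -u
}

# module_installed MODULE.so DIR...
# Succeeds if the module file exists in any of the given directories.
module_installed() {
    mod=$1; shift
    for d in "$@"; do
        [ -f "$d/$mod" ] && return 0
    done
    return 1
}

# check_lockout PAM_DIR MODULE_DIR...
# Prints "<module> installed" or "<module> MISSING" per referenced module.
# Returns 0 if every referenced module is installed, 1 if any is missing,
# 2 if the stack references no lockout module at all.
check_lockout() {
    pam_dir=$1; shift
    mods=$(lockout_modules_in_stack "$pam_dir")
    [ -n "$mods" ] || { echo "no lockout module referenced"; return 2; }
    missing=0
    for m in $mods; do
        if module_installed "$m" "$@"; then
            echo "$m installed"
        else
            echo "$m MISSING"; missing=1
        fi
    done
    return $missing
}
```

A stack that names a module which is not installed is the case the issue describes; a return of 2 means no lockout rule is in effect at all.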