search for: pam_faillock

...ecot sasl component to use different authorisation back-ends, such as LDAP, GSSAPI, MySQL etc. These do not necessarily have the ability to reject uid < 500. However, generally, these backends can be used by pam as well. In default debian installations: cat dovecot #%PAM-1.0 #auth required pam_faillock.so preauth silent audit #auth [default=die] pam_faillock.so authfail audit @include common-auth @include common-account @include common-session cat common-auth # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM co...

...> back-ends, such as LDAP, GSSAPI, MySQL etc. These do not necessarily > have the ability to reject uid < 500. > > However, generally, these backends can be used by pam as well. In > default debian installations: > > cat dovecot > #%PAM-1.0 > > #auth required pam_faillock.so preauth silent audit > #auth [default=die] pam_faillock.so authfail audit > > @include common-auth > @include common-account > @include common-session > > cat common-auth > > # > # /etc/pam.d/common-auth - authentication settings common to all services > # &gt...

...ancette/oz/blob/e74ce83283d468fd987583d6837b441608e5f8f0/oz/Windows.py ) - (librarian suggests ...) . install a firstboot script virt-sysprep --script=/tmp/foo.sh - . run an external shell script . run external guestfish script virt-sysprep --fish=/tmp/foo.fish - - /var/run/* and pam_faillock's data files - if drives are encrypted, then dm-crypt key should be changed and drives all re-encrypted - /etc/pki -- 1.7.10

...ny other software product that reads the password database. All the installer can do is read in the plain-text password, check to make sure it passes a minimum policy, then crypt it and put it in the shadow file. There are certainly things that could change, like having the pam configuration have pam_faillock on by default. But I tend to think that having brute-force resistance *AND* slightly better password security should be the goal, not one to the exclusion of the other. -- Jonathan Billings <billings at negate.org>

...? user=test Mar 15 15:44:29 testbox sshd[4051]: Failed password fortest from X port 57118 ssh2 Mar 15 15:44:29 testbox sshd[4051]: Failed password fortest from X port 57118 ssh2 Mar 15 15:44:33 testbox sshd[4051]: Failed password fortest from X port 57118 ssh2 Mar 15 15:44:35 testbox sshd[4051]:pam_faillock(sshd:auth): Consecutive login failures for user test accounttemporarily locked Mar 15 15:44:37 testbox sshd[4051]: Failed password fortest from X port 57118 ssh2 Mar 15 15:44:44 testbox sshd[4051]: Accepted password fortest from X port 57118 ssh2 Mar 15 15:44:44 testbox sshd[4051]:pam_unix(sshd:...

...ate mode 100644 sysprep/sysprep_operation_ssh_userdir.ml diff --git a/TODO b/TODO index 3d5613c..bf96ab0 100644 --- a/TODO +++ b/TODO @@ -543,7 +543,6 @@ virt-sysprep ideas . run external guestfish script virt-sysprep --fish=/tmp/foo.fish . rm /var/cache/apt/archives/* - /var/run/* and pam_faillock's data files - - homedirs/.ssh directory, especially /root/.ssh (Steve Grubb) - if drives are encrypted, then dm-crypt key should be changed and drives all re-encrypted - /etc/pki diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am index 3a48702..f51fc07 100644 --- a/sysprep/Makefile...

On Tue, Feb 3, 2015 at 2:03 PM, Always Learning <centos at u64.u22.net> wrote: > > Nothing wrong with letting "an expert" preconfigure the system and then, > after installation, the SysAdmin checking to ensure all the settings > satisfy the SysAdmin's requirements. > I'd just rather see them applying their expertise to actually making the code resist