diff options
| author | Adrien Nader <adrien@notk.org> | 2020-06-13 23:40:37 +0200 |
|---|---|---|
| committer | Adrien Nader <adrien@notk.org> | 2020-06-13 23:40:37 +0200 |
| commit | b95288e2382c624d9c7e65e35ab38338d9a8a570 (patch) | |
| tree | f1ca4bd78eab89d9a428279eef66c00b484af1c6 /slackware64-current/source/n | |
| parent | eb32d5d0f1545edc413f102037a37e181a5f4907 (diff) | |
Sat Jun 13 20:40:31 UTC 2020
a/pam-1.4.0-x86_64-1.txz: Upgraded.
IMPORTANT NOTE: This update removes the pam_cracklib and pam_tally2 modules.
None of our current configuration files in /etc/pam.d/ use either of those,
but if the configuration files on your machine do you'll need to comment out
or remove those lines, otherwise you may experience login failures.
a/shadow-4.8.1-x86_64-9.txz: Rebuilt.
/etc/pam.d/system-auth: prefix lines that call pam_gnome_keyring.so with '-'
to avoid spamming the logs about failures.
a/sysvinit-scripts-2.1-noarch-32.txz: Rebuilt.
rc.S: create /var/run/faillock directory for pam_faillock(8).
a/util-linux-2.35.2-x86_64-2.txz: Rebuilt.
/etc/pam.d/login: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
l/imagemagick-7.0.10_19-x86_64-1.txz: Upgraded.
l/libzip-1.7.1-x86_64-1.txz: Upgraded.
n/openssh-8.3p1-x86_64-2.txz: Rebuilt.
/etc/pam.d/sshd: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
Diffstat (limited to 'slackware64-current/source/n')
| -rwxr-xr-x | slackware64-current/source/n/openssh/openssh.SlackBuild | 2 | ||||
| -rw-r--r-- | slackware64-current/source/n/openssh/sshd.pam | 13 |
2 files changed, 9 insertions, 6 deletions
diff --git a/slackware64-current/source/n/openssh/openssh.SlackBuild b/slackware64-current/source/n/openssh/openssh.SlackBuild index 3c614d877..3a423c91f 100755 --- a/slackware64-current/source/n/openssh/openssh.SlackBuild +++ b/slackware64-current/source/n/openssh/openssh.SlackBuild @@ -30,7 +30,7 @@ PKG=$TMP/package-openssh PKGNAM=openssh VERSION=${VERSION:-$(echo openssh-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/slackware64-current/source/n/openssh/sshd.pam b/slackware64-current/source/n/openssh/sshd.pam index 570412d68..dcf1ff3fd 100644 --- a/slackware64-current/source/n/openssh/sshd.pam +++ b/slackware64-current/source/n/openssh/sshd.pam @@ -4,13 +4,16 @@ # need to add additional consoles to /etc/securetty if you want to allow # root logins on them, such as: ssh, pts/0, :0, etc #auth required pam_securetty.so -# To set a limit on failed authentications, the pam_tally2 module -# can be enabled. See pam_tally2(8) for options. -#auth required pam_tally2.so deny=4 unlock_time=1200 +# When using pam_faillock, print a message to the user if the account is +# locked. This lets the user know what is going on, but it also potentially +# gives additional information to attackers: +#auth requisite pam_faillock.so preauth auth include system-auth +# To set a limit on failed authentications, the pam_faillock module +# can be enabled. See pam_faillock(8) for more information. +#auth [default=die] pam_faillock.so authfail +#auth sufficient pam_faillock.so authsucc auth include postlogin -# Also uncomment this line to use pam_tally2: -#account required pam_tally2.so account required pam_nologin.so account include system-auth password include system-auth |