aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system-auth.in12
-rw-r--r--system-login.in11
2 files changed, 12 insertions, 11 deletions
diff --git a/system-auth.in b/system-auth.in
index 6eea7bc..9ae09e4 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -2,12 +2,6 @@
auth required pam_env.so DEBUG
#endif
-#if HAVE_FAILLOCK
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
-auth sufficient pam_unix.so nullok try_first_pass
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
-#endif
-
#if HAVE_PAM_SSH
auth sufficient pam_ssh.so
#endif
@@ -18,6 +12,12 @@ auth required pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
auth optional pam_permit.so
+#if HAVE_FAILLOCK
+auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth sufficient pam_unix.so nullok try_first_pass
+auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
+#endif
+
#if HAVE_KRB5
account KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
diff --git a/system-login.in b/system-login.in
index 9e82d60..ee03613 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,8 +1,3 @@
-#if HAVE_FAILLOCK
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
-auth sufficient pam_unix.so nullok try_first_pass
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
-#endif
#if HAVE_SHELLS
auth required pam_shells.so DEBUG
@@ -12,6 +7,12 @@ auth required pam_nologin.so DEBUG_NOLOGIN
#endif
auth include system-auth
+#if HAVE_FAILLOCK
+auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth sufficient pam_unix.so nullok try_first_pass
+auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
+#endif
+
#if HAVE_ACCESS
account required pam_access.so DEBUG
#endif