From eb138196aa2d3cb860d5eb5ab1d05985df34ad2c Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Tue, 20 Oct 2020 02:32:28 +0000
Subject: templates/system-auth.tpl: use faillock in minimal case

Bug: https://bugs.gentoo.org/748405
Signed-off-by: Sam James <sam@gentoo.org>
---
 templates/system-auth.tpl | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index bc28468..faf18ee 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -7,13 +7,10 @@ auth		sufficient	pam_ssh.so
 auth        [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
 {% endif %}
 
-auth		required	pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
 auth		optional	pam_permit.so
-{% if not minimal %}
-auth		required	pam_faillock.so preauth
-auth		sufficient	pam_unix.so nullok try_first_pass
+auth		requisite	pam_faillock.so preauth
+auth		[success=1 default=ignore]	pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 auth		[default=die]	pam_faillock.so authfail
-{% endif %}
 
 {% if krb5 %}
 account		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
-- 
cgit v1.2.3-65-gdbad