On Fri, 11 Sep 2020 at 17:05, Giancarlo Razzolini via arch-dev-public <arch-dev-public@archlinux.org> wrote: > I third you and Levente's opinion. This is a sane upstream default and should > be handled by users, if they wish to. We shouldn't deviate from upstream in > this > case.
It's not an upstream default though. It's enabled by /etc/pam.d/system-auth which is part of pambase. It breaks sudo as well. I don't believe it makes sense to lock the user out after only 3 failed attempts. I would just remove pam_faillock.so from pambase. :)
