So a Gov't STIG has had me add to /etc/pam.d/password-auth:
auth required pam_faillock.so preauth silent deny=3 unlock_time=604800
fail_interval=900
auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800
fail_interval=900
account required pam_faillock.so
So that it loo
Works perfectly now! Thank you!
On 10/25/2016 03:34 PM, Alexander Bokovoy wrote:
pam_faillock.so preauth
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
I have a question I could really use help with.
I should start off by saying I'm relatively new to freeipa. I'm using
RedHat's IDM and I have a simple network set up with 5 machines and 12
users. I got a call to go take a look at one of the machines and the
user had forgotten their password.
As I was configuring my network with a government STIG package, I ended
up hosing up the network by following the STIGs directions and not
thinking it through. Currently users can log in, but NFS mounts won't
happen with krb5i encryption as they are being denied by the server who
is my NFS host
So I have two test machines that I set up because of this same problem
on my secure offline network. One of the test machines is a server that
has FreeIPA and NFS running on it, the other test machine is a client
that mounts two NFS shares from the server using krb5i sec.
Upon initial install,