> a) adding nolock as an option to pam_unix_auth (which effectively disables > lock_after_retries anyway, so why not just disable it if doing this) > b) adding lock_after_retries=no to specific users in /etc/user_attr
RTM pam_unix_auth(5):
nolock Regardless of the automatic account locking
setting for the account, do not lock the
account, increment or clear the failed
login count. The nolock option allows for
exempting account locking on a per service
basis.
Gary..
