diff options
Diffstat (limited to 'modules/pam_faillock/README')
-rw-r--r-- | modules/pam_faillock/README | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/pam_faillock/README b/modules/pam_faillock/README index c88705ad..574b37bd 100644 --- a/modules/pam_faillock/README +++ b/modules/pam_faillock/README @@ -48,6 +48,10 @@ conf=/path/to/config-file Use another configuration file instead of the default /etc/security/ faillock.conf. + Use another configuration file instead of the default which is to use the + file /etc/security/faillock.conf or, if that one is not present, the file + %vendordir%/security/faillock.conf. + The options for configuring the module behavior are described in the faillock.conf(5) manual page. The options specified on the module command line override the values from the configuration file. @@ -66,7 +70,7 @@ screensaver. Note that using the module in preauth without the silent option specified in / etc/security/faillock.conf or with requisite control field leaks an information -about existence or non-existence of an user account in the system because the +about existence or non-existence of a user account in the system because the failures are not recorded for the unknown users. The message about the user account being locked is never displayed for non-existing user accounts allowing the adversary to infer that a particular account is not existing on a system. |