Faillock
After over eight years of using primarily Linux as my OS of choice, today was the first time that my system has locked me out for failed password attempts. It wasn’t that I had forgotten my password. I was simply in a hurry and made a typo three times in a row, and, apparently, the pam_faillock.so PAM module is configured to lock out the user for fifteen minutes after three failed login attempts. At least on Arch Linux (btw) anyway.
If you’re like me, and think that lockout policy is just a little aggressive, then look no further. I’ll get you sorted. The default configuration file for the pam_faillock.so module is /etc/security/faillock.conf, and in that file you’ll find an entry named deny, set to 3.
# Deny access if the number of consecutive authentication failures
# for this user during the recent interval exceeds n tries.
# The default is 3.
deny = 3
Swap that sucker to a more agreeable number. I picked 10. The next time you restart your system, the new default will be set! If you’ve somehow locked a user session, but you still have access to the system as a root user, then you can reset the lockout with the following command without needing to restart.
faillock --user YourUsername --reset
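The deny edit described above can also be scripted so that it works whether the entry is active or only present as a commented-out template line. This is an added example, not part of the original post: the function names and the sample file are constructed, GNU sed is assumed, and "last active line wins" is an assumption about how duplicate entries are resolved.

```shell
#!/bin/sh
# Added example (not from the original post): audit and change an integer
# option such as "deny" in a faillock.conf-style file. Assumes GNU sed.

# Print the effective value of KEY in FILE, or DEFAULT if only commented-out
# or no "KEY = value" lines exist. Assumption: the last active line wins.
get_faillock_opt() {
    local file="$1" key="$2" default="$3" val
    val=$(sed -nE "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*([^[:space:]#]+).*/\1/p" \
        "$file" | tail -n 1)
    printf '%s\n' "${val:-$default}"
}

# Set KEY to an integer VALUE: rewrite an active line, else uncomment a
# "# KEY = n" template line, else append a new line.
set_faillock_int() {
    local file="$1" key="$2" value="$3"
    case "$value" in
        ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 1 ;;
    esac
    if grep -qE "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s/^[[:space:]]*${key}[[:space:]]*=.*/${key} = ${value}/" "$file"
    elif grep -qE "^[[:space:]]*#[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s/^[[:space:]]*#[[:space:]]*${key}[[:space:]]*=.*/${key} = ${value}/" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Constructed sample: the option is present only as a commented template.
demo() {
    local conf
    conf=$(mktemp)
    printf '%s\n' '# The default is 3.' '# deny = 3' > "$conf"
    get_faillock_opt "$conf" deny 3      # prints 3 (fallback default)
    set_faillock_int "$conf" deny 10
    get_faillock_opt "$conf" deny 3      # prints 10
    rm -f "$conf"
}
demo
```

To apply it to the real file, run set_faillock_int as root against /etc/security/faillock.conf after keeping a backup copy, then confirm the result with get_faillock_opt.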
Happy hacking!