On Thu, Jun 02, Jason Newton wrote:
I'd consider adding it as an update, too, to 42.1 and SP1, at least in aux repositories - preferably to updates :-).
I've spoken with the author of pam_faillock and I believe it to be superior to pam_tally2, particularly concerning handling of screensaver handling.
There is one very good reason, why the upstream PAM maintainer rejected to include this module: it is next to impossible to configure it correct. Did you look at the example, how to configure a service to use this module? The module has one big design disadvantage: it needs to be called several time in a PAM stack, and you need jump directives, depending on the result of a module. While this works with only pam_unix.so, it will be next to impossible to some more complex authentication stacks. So tools like pam-config will never support pam_faillock. The whole mess could be avoided, if pam_faillock would have not be designed under the assumption, that all PAM applications by design are broken ... Beside I fail to see your problem with screensaver handling. pam_faillock and pam_tally2 needs both the same rights. Thorsten -- Thorsten Kukuk, Senior Architect SLES & Common Code Base SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org