meta-ampere: pam: set default unlock time to 1800
Ampere account lockout policy is defined as:
'Five consecutive failed login attempts will lock the account for 30 minutes".
While the login attempt was set to 5 already, the 30-minute lock period
(auto-unlock) has not been set.
This commit adds the missing 30-minute lockout by default.
Tested:
1. Enter WebUI -> User management
2. Click on Account policy settings and check if:
- Max failed login attempts: 5
- User unlock method: Automatic after timeout
- Timeout duration (seconds): 1800
Signed-off-by: Thang Q. Nguyen <thang@os.amperecomputing.com>
Change-Id: Ieed9a719c424a289687e66314f4c68de5d108b6e
diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth
index c79219f..508ef7a 100644
--- a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth
+++ b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth
@@ -8,7 +8,7 @@
# traditional Unix authentication mechanisms.
# here are the per-package modules (the "Primary" block)
-auth [success=ok user_unknown=ignore default=2] pam_tally2.so deny=5 unlock_time=0
+auth [success=ok user_unknown=ignore default=2] pam_tally2.so deny=5 unlock_time=1800
# Try for local user first, and then try for ldap
auth [success=2 default=ignore] pam_unix.so quiet
-auth [success=1 default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail