meta-ampere: Change login attempt default threshold
The default login attempt threshold is currently 0. This patch changes
the value to 5 to match with Ampere's functional specification.
Test:
1. Login via web and check Account policy settings
2. Default value at "Max failed login attempts Value must be between 0
– 65535" is 5
Signed-off-by: Chau Ly <chaul@amperecomputing.com>
Change-Id: I3b46d23f02b8c64ce27fd68cda335fe4550f926f
diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth
new file mode 100644
index 0000000..c79219f
--- /dev/null
+++ b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth
@@ -0,0 +1,21 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+
+# here are the per-package modules (the "Primary" block)
+auth [success=ok user_unknown=ignore default=2] pam_tally2.so deny=5 unlock_time=0
+# Try for local user first, and then try for ldap
+auth [success=2 default=ignore] pam_unix.so quiet
+-auth [success=1 default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)