After upgrading to sys-auth/pambase-20201010 I have this new block in both system-login and system-auth: auth required pam_faillock.so preauth conf=/etc/security/faillock.conf auth sufficient pam_unix.so nullok try_first_pass auth [default=die] pam_faillock.so authfail However system-login includes system-auth, so it seems a bit redundant to have it in system-login too. The other thing I noticed is that now in system-auth there are 2 rules for pam_unix.so: auth required pam_unix.so try_first_pass likeauth nullok [...cropped...] auth required pam_faillock.so preauth conf=/etc/security/faillock.conf auth sufficient pam_unix.so nullok try_first_pass auth [default=die] pam_faillock.so authfail I don't think this is the intended behavior, but I might be overlooking something.
Thank you, this needs moving.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/pambase.git/commit/?id=da499cca70c5e77c851c5f75440df188fe2eeabe commit da499cca70c5e77c851c5f75440df188fe2eeabe Author: Sam James <sam@gentoo.org> AuthorDate: 2020-10-11 20:55:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-10-12 14:32:12 +0000 templates/system-login.tpl: remove duplicate block from system-auth Bug: https://bugs.gentoo.org/747868 Signed-off-by: Sam James <sam@gentoo.org> templates/system-login.tpl | 5 ----- 1 file changed, 5 deletions(-)
Thank you! Also could you please take a look at https://bugs.gentoo.org/747793#c4? The call to "pam_faillock.so authsucc" is missing, so the consecutive failed authentication counter is never reset.
