mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-08 14:26:05 +02:00
dovecot: disable pam_faillock lockout mechanism
faillock has often been locking me out of my mailbox because it counts failed authentication attempts against my user; turn this off and rely on fail2ban to block instances of account password brute-forcing by IP.
This commit is contained in:
parent
8480a4d216
commit
bd5fad424e
|
@ -47,6 +47,15 @@
|
|||
- name: Start and enable dovecot
|
||||
service: name=dovecot enabled=yes state=started
|
||||
|
||||
# faillock's default behavior allows third-parties to lock a user out of
|
||||
# their mailbox by doing 3 failed auth attempts; turn it off and rely on
|
||||
# fail2ban instead
|
||||
- name: Disable pam_faillock lockout mechanism
|
||||
lineinfile:
|
||||
path: /etc/security/faillock.conf
|
||||
regexp: deny =
|
||||
line: deny = 0
|
||||
|
||||
- name: Open firewall holes
|
||||
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
|
||||
with_items:
|
||||
|
|
Loading…
Reference in New Issue