How to edit 3 wrong password attempt lock-out?

Question

How to edit 3 wrong password attempt lock-out?

HarshalRathore opened this issue 2 years ago · comments

I'm submitting a Question.

[ ] Bug
[ ] Feature Request
[x] Question

Current Behavior

Users have 3 attempts or chances to unlock the i3lock if the user successfully manages to waste those 3 attempts i3lock times out for around 8-10 minutes so the user has to wait for the time out to end and again try to unlock the i3lock.

Expected Behavior

I can't find a tag or parameter that I can provide to i3lock so it won't timeout after some dumb user(ME) manages to waste those 3 attempts. I have tried finding it in man pages, over the internet but couldn't find anything useful. Is this even possible in the first place? If not then this ISSUE of mine turns into a feature request.

Environment

Output of i3lock --version:

i3lock: version 2.13 © 2010 Michael Stapelberg

Ingo Bürk · Answer 1 · Tue Apr 19 2022 22:53:25 GMT+0800 (China Standard Time)

i3lock just uses pam, so you need to look into your system's pam configuration.

kpcyrd · Answer 2 · Tue Apr 19 2022 23:19:22 GMT+0800 (China Standard Time)

If you're using Arch Linux have a look at https://wiki.archlinux.org/title/security#Lock_out_user_after_three_failed_login_attempts

Edit /etc/security/faillock.conf and set deny = 0.

Harshal Rathore · Answer 3 · Thu Apr 21 2022 22:24:20 GMT+0800 (China Standard Time)

Thanks @kpcyrd
the link you directed me to helped me greatly. Looks like seting deny = 0 will also remove 3 failed attempts for Sudo and login managers which I don't want as I will be trading security for convenience so a solution I found is that to switch to a different tty either with key combination or with sudo chvt _N_ login with some other user and then run this command sudo faillock --user _user_ --reset and switch back to tty1 then try to unlock i3lock.