*pam_faillock* can be now configured with `unlock_time=never`
The *pam_faillock* module now allows specifying using the `unlock_time=never` option that the user authentication lock caused by multiple authentication failures should never expire.
Description of problem:
The global option "unlock_time" available with "pam_faillock" module does not have an option to lock a user account until it's unlocked by admin.
Version-Release number of selected component (if applicable):
The current Fedora rawhide version of pam_faillock has this feature "unlock_time=never" but the RHEL-7 package does not. Hence opening a Bug to backport the feature to RHEL-7.
*** Bug 1148042 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.