I have an Ubuntu 20.04 machine with slightly modified common-auth and common-password files to lock the user out for 10 minutes if an incorrect password is tried 10 times. This works fine in the Terminal and elsewhere, but I noticed that in GDM while clicking a user account from the list, not entering anything at all nor pressing enter to actually attempt the login, the tally is incremented. Each time you click a user this "attempt" is also logged to
I’m unsure whether this is normal behavior for GDM but if it is I’m curious how to get around it as it’s very inconvenient to get locked out for not even making an attempt.
FWIW (not sure if this is causing the issue), here is my PAM setup:
auth required pam_tally2.so onerr=fail deny=10 unlock_time=600 auth [success=1 default=ignore] pam_unix.so nullok_secure auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so
password requisite pam_pwquality.so retry=3 minlen=16 reject_username password [success=1 default=ignore] pam_unix.so obscure remember=8 use_authtok sha512 password requisite pam_deny.so password required pam_permit.so password optional pam_gnome_keyring.so
Any insight into this issue is appreciated.