They're cascaded via the "include" directives included in login (as well as
most others, i.e. sshd, gdm, sudo).
Thus system-auth changes carry over to all other subsystems, not just login.
Man pages for system-auth and system-auth-ac give some background.
The use of pam.d/login in the pam_faillock man page is simply an example of
its use.
-Nick
--
Nicholas P. Crawford, Contractor
Senior UNIX Systems Administrator
Manufacturing Techniques, Inc. (MTEQ)
NVESD Network Services Branch, US Army
email: ncrawford@mteq.com
NIPR: nicholas.p.crawford.ctr@mail.mil
SIPR: nicholas.p.crawford.ctr@mail.smil.mil
work: 703.704.2299 dsn: 312.654.2299
cell: 571.225.1283
> -----Original Message-----
> From: Sean [mailto:smalder73@gmail.com]
> Sent: Monday, November 23, 2015 2:41 PM
> To: scap-security-guide@lists.fedorahosted.org
> Subject: [Non-DoD Source] Question on use of pam_faillock.so in
> account lockout remediation
>
> Hi,
>
> I was curious if someone could point me toward the reasoning behind
> why these remediation scripts are using /etc/pam.d/system-auth and
> /etc/pam.d/password-auth? It seems like the man page for pam_faillock
> directs the usage to /etc/pam.d/login instead.
>
> Thank you kindly,
>
>
> --Sean
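
The include cascade described in the reply above, as an added example that is not part of the original thread: a small resolver that follows `include` and `substack` directives and reports which services end up with pam_faillock. The file contents, and which shared file each service includes, are constructed and simplified assumptions; `password-auth` is deliberately left without pam_faillock to show why a remediation would touch both shared files.

```python
# Constructed, simplified pam.d contents (not taken from a real host).
FAILLOCK = "pam_faillock.so"
SYSTEM_AUTH = """\
auth     required      pam_env.so
auth     required      pam_faillock.so preauth silent deny=3
auth     sufficient    pam_unix.so try_first_pass
auth     [default=die] pam_faillock.so authfail deny=3
account  required      pam_faillock.so
account  required      pam_unix.so
"""
PAM_D = {
    "system-auth": SYSTEM_AUTH,
    # password-auth deliberately left without pam_faillock (assumption)
    "password-auth": "auth sufficient pam_unix.so\naccount required pam_unix.so\n",
    "login": "auth substack system-auth\naccount include system-auth\n",
    "sudo": "auth include system-auth\naccount include system-auth\n",
    "sshd": "auth substack password-auth\naccount include password-auth\n",
}


def resolve(service, pam_d, only_type=None, chain=()):
    """Return [(type, module, defining_file)] with include/substack followed."""
    if service in chain or service not in pam_d:  # include loop or missing file
        return []
    out = []
    for raw in pam_d[service].splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        ptype = fields[0].lstrip("-")  # leading "-" marks an optional module
        if only_type and ptype != only_type:
            continue  # "auth include X" pulls in only X's auth lines
        if fields[1] in ("include", "substack"):
            out += resolve(fields[2], pam_d, ptype, chain + (service,))
            continue
        j = 1  # a bracketed control like [success=1 default=ignore] spans fields
        while fields[1].startswith("[") and j < len(fields) - 2 and not fields[j].endswith("]"):
            j += 1
        out.append((ptype, fields[j + 1], service))
    return out


def faillock_coverage(services, pam_d=PAM_D):
    """Map each service to the PAM types where pam_faillock is in effect."""
    return {s: sorted({t for t, m, _ in resolve(s, pam_d) if m == FAILLOCK})
            for s in services}


if __name__ == "__main__":
    for svc, types in faillock_coverage(["login", "sudo", "sshd"]).items():
        print(f"{svc:6} {', '.join(types) or 'NOT COVERED'}")
```
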