You could have a background script run as root and watch the system log for messages. journalctl -f -t unix_chkpwd should pick up every password failure as it happens. Or journalctl -f -t gdm-password] will show various information including password failures from gdm. And yes, that right square bracket is necessary in F23 and F24, probably a bug somewhere.
You can also use PAM to do it. If you ever use authconfig, it will get overwritten and your changes will be lost. password-auth is a link to password-auth-ac, so edit /etc/pam.d/password-auth-ac. After this line:
auth sufficient pam_unix.so nullok try_first_pass
add:
auth optional pam_exec.so /your/script/here.sh
The script will run as root in the context of gdm. See man pam_exec for some more info.
Asked: 2016-07-01 12:02:37 -0600
Seen: 428 times
Last updated: Jul 28 '16
Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.