[JIRA SONIC-5583] added maxtries=die control flag to catch maxtry error from pam_unix

suresh-rupanagudi · suresh-rupanagudi · commit 8fb8c1b91124 · 2019-07-15T21:47:47.000-07:00
Change-Id: Id2b3ee2b94d83015617583ce1d5e85db12b1f388
diff --git a/files/image_config/hostcfgd/common-auth-sonic.j2 b/files/image_config/hostcfgd/common-auth-sonic.j2
@@ -13,7 +13,7 @@
 auth	[success=1 default=ignore]	pam_unix.so nullok try_first_pass
 
 {% elif auth['login'] == 'local,tacacs+' %}
-auth	[success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}]	pam_unix.so nullok try_first_pass
+auth	[success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die maxtries=die' if not auth['failthrough'] }}]	pam_unix.so nullok try_first_pass
 {% for server in servers | sub(0, -1) %}
 auth	[success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}]	pam_tacplus.so server={{ server.ip }}:{{ server.tcp_port }} secret={{ server.passkey }} login={{ server.auth_type }} timeout={{ server.timeout }} {% if server.vrf %} vrf={{ server.vrf }} {% endif %} try_first_pass
 {% endfor %}
