hey list I'm doing a PCI audit for my company. One of the requirements is to specify a lockout duration of 30 minutes after 6 failed login attempts: For a sample of system components, obtain and insp 8.5.14 rd parameters system configuration settings to verify that passwo ed out, it are set to require that once a user account is lock a system remains locked for a minimum of 30 minutes or until administrator resets the account I'm pretty sure this is a pam thing but does anyone know how this can best be achieved? thanks! -- GPG me!! gpg --keyserver pgp.mit.edu --recv-keys F186197B