From 594710aa4987e993f875642b9f15958728af9859 Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Sun, 14 May 2017 01:40:17 +0200
Subject: [PATCH] ad-auth: improve sssd's pam config for offline use

---
 ad-auth/templates/sssd.conf.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ad-auth/templates/sssd.conf.j2 b/ad-auth/templates/sssd.conf.j2
index 6b3d9b1..67704c2 100644
--- a/ad-auth/templates/sssd.conf.j2
+++ b/ad-auth/templates/sssd.conf.j2
@@ -3,6 +3,11 @@ domains = {{ domain }}
 config_file_version = 2
 services = nss, pam
 
+[pam]
+offline_credentials_expiration = 1
+offline_failed_login_attempts = 3
+offline_failed_login_delay = 0
+
 [domain/{{ domain }}]
 ad_domain = {{ domain }}
 krb5_realm = {{ domain.upper() }}
-- 
GitLab