Hi
How can i disable a user account after 5 unsuccesful login attempts
i.e a user puts in the wrong password five times. Then his account
gets locked.
Is it possible on solaris ? We are implementing it on Digital.
Thanks
jack
|
|
0
|
|
|
|
Reply
|
 raphael_77
|
7/27/2004 10:13:47 PM |
|
In article <f8f45df1.0407271413.215ddda9@posting.google.com>,
raphael_77@yahoo.com (Jack) wrote:
> How can i disable a user account after 5 unsuccesful login attempts
> i.e a user puts in the wrong password five times. Then his account
> gets locked.
> Is it possible on solaris ? We are implementing it on Digital.
First off, this feature could be a Bad Idea(tm) as it will open you up
to a denial of service exploit. Will the Pointy Haired Boss who's
requesting this feature be responsible for dialing in at 4am on a Sunday
morning to reenable an account that's been disabled because some manager
can't get in who's dialed in from Asia?
This feature is part of Solaris 10, which is currently in beta. You
didn't say what version you're running, but versions before 10 could
only do this using LDAP authentication.
It's also possible to write a cron that runs periodically that scans
/var/adm/loginlog for login failures and locks accounts. The file
doesn't exist by default, so it doesn't track failures unless you create
it first.
There also a custom PAM module you can obtain, build and install:
http://tinyurl.com/5uyok
For more info, Google using the following string:
lock account group:comp.unix.solaris
--
DeeDee, don't press that button! DeeDee! NO! Dee...
|
|
|
0
|
|
|
|
Reply
|
Michael
|
7/28/2004 3:24:30 AM
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25710 articles. 
78 followers. 
1 Replies
564 Views
