by Jay » Sun, 23 Jan 2000 04:00:00
Is there anyway you set the amount of times a user ties to login and fails,
then the account is locked out !
Also when trying to use Password aging on a 2.6 server, even if I try and
create a new user, and then add password aging, I keep getting 'Password
aging is disabled'
I cannot find out, how to Enable-it !!
Help Please !!!
Thanks
Jason
by Andrew J. Caine » Mon, 24 Jan 2000 04:00:00
Having said that, locking accounts because of some number of login
failures is inventing a DOS condition. A more sophisticated approach would
be better, like having an increasing delay between allowed login attempts.
I don't know if Solaris 7 or 8 have improved this area.
I can amuse to see entries appear in loginlog and call the user offering
to help with their login problem.
How are you trying to enable aging?Quote:> Also when trying to use Password aging on a 2.6 server, even if I try and
> create a new user, and then add password aging, I keep getting 'Password
> aging is disabled'
Take a look at passwd(1). There are three switches for setting the aging
parameters. This is also more flexible that putting the *WEEKS lines in
/etc/default/passwd, since you have a resolution of days rather than
weeks.
--
________________________________________________________________________
by Andy Gabo » Tue, 25 Jan 2000 04:00:00
See file /etc/default/login
RETRIES Sets the number of retries for logging
in (see pam(3)). The default is 5.
... and other stuff.
Cheers,
Andy
J>HI
J>Is there anyway you set the amount of times a user ties to login and fails,
J>then the account is locked out !
J>Also when trying to use Password aging on a 2.6 server, even if I try and
J>create a new user, and then add password aging, I keep getting 'Password
J>aging is disabled'
J>I cannot find out, how to Enable-it !!
J>Help Please !!!
J>Thanks
J>Jason
--
+---------------------------------+--------------------------------+
| Department of Neurology | FAX - (530)754-5036 |
| University of California, Davis | |
+---------------------------------+--------------------------------+
1. Implementing account lockout on Solaris 2.6
After looking through the Solaris Security and other FAQs, the ASET and
BSM documentation, and general web searches, I have still not found a
'stock' method (read: supported by Sun) to implement automatic account
lockout on Solaris 2.6. I wish to prevent a user from logging in if they
have had a preset number of failed logins within a given timespan, much
like Windows NT does.
I know that I can go the PAM route and write an authentication handler
to do this for me, but my employer for whatever reason does not wish to
use in-house sofware for this purpose if we can avoid it (I know, I
know.) Has anyone met with success in implementing account lockouts on
Solaris 2.5 - 2.7? Is there a add-on package we have to purchase from
Sun to get that functionality?
Thanks.
--
Jeffrey A. Duffy
Principal Engineer
ACS Services Havelock, NC
2. Ghostscript can't find gs_init.ps file??? Why???
3. password ageing oddity on Solaris 2.6
6. Sun X11 screensaver/screen artifacts
7. Sol. 2.6 passwd won't accept any new passwords
9. enabling password aging on SOL 2.2
10. qfull-retries/qfull-retry-inte
11. Upgrade Sol 2.5.1 to Sol 2.6
12. Sol 2.5.1 and Sol 2.6 compatiblity
13. 2.6 HOW: account whithout password prompting