> I am not sure about HP-UX but under Digital Unix formerly OSF we enabled C2
> security. It lets us define on a system or user basis how many unsuccessful
> login attemps before locking the account.
> As for Frank's comment this is something that is definitely required to help
> ensure the administrator who is logging on and when possible security breaches
> may occur.
> Tolson Smith
> >>I need to develop some utility to automatically disable a Unix user
> >>account if there are three unsuccessful login attempts.
> >>So far I've worked out I need a daemon process to monitor the login
> >>accounting files (you know, those used by last and lastb).
> >>Or do I??? Perhaps someone has an alternative solution or even better,
> >>some semi-suitable source code.
> >>All tips welcome...thanks
> >I really doubt you want to do this. This would let anyone disable any
> >account they wanted to. However, you probably have the ability to log
> >multiple unsuccessful login attempts. In Solaris, you could use loginlog.
> >I'm not sure if that's a System V thing or not, but it might be worth a
> > | (Douglas) Hofstadter's Law:
> > | It always takes longer than you expect, even
> >Frank Stuart | when you take into account Hofstadter's Law.
You'll need to goto HP-UX 10.0* and above and enable C2 to get the system to do it, its configurable through
SAM. The upgrade from 9 to 10 is fairly easy. Note that some of HP-UX products like the JFS are not yet
supported on a trusted HP-UX system, and there are some patches that you MUST have installed (particularly the
one about the TCB lock files).