Automatic account manipulation

Automatic account manipulation

Post by JWMeri » Fri, 07 May 1999 04:00:00



What aside from the "password expired" if password aging is enabled does a Unix
box do that automatically manipulates system accounts?  I'm wondering about
something that disables accounts if some security violation is noted (like NT's
account locking for multiple incorrect logon attempts within a specified time).
 I can't think of any.

Thanks!

Jim

 
 
 

Automatic account manipulation

Post by Martin Hepwort » Fri, 07 May 1999 04:00:00



> What aside from the "password expired" if password aging is enabled does a Unix
> box do that automatically manipulates system accounts?  I'm wondering about
> something that disables accounts if some security violation is noted (like NT's
> account locking for multiple incorrect logon attempts within a specified time).
>  I can't think of any.

> Thanks!

> Jim

Jim
Depends on the flavour of unix used, some do extra stuff like this and
some don't. Also products like BoKS (or Keon as it's been renamed) can
do this as an add on for most Unix's.

martin

 
 
 

Automatic account manipulation

Post by Bill Unr » Fri, 07 May 1999 04:00:00




>> What aside from the "password expired" if password aging is enabled does a Unix
>> box do that automatically manipulates system accounts?  I'm wondering about
>> something that disables accounts if some security violation is noted (like NT's
>> account locking for multiple incorrect logon attempts within a specified time).

You can set them up. For example I belive even the standard login waits
longer and longer for each new login attempt, and times out at 3
attempts. Note that locking out a user is a great way for an outsider to
launch a denial of service. Just log in until the account is frozen.
Does this also apply to root (or whatever root is called on NT?)
 
 
 

Automatic account manipulation

Post by Dave Woo » Fri, 07 May 1999 04:00:00


If you want something heavier, take a look at a commercial program called
PowerPassword, put out by Symark Software.  It expires unused accounts,
locks accounts when there are too many unsucessful attempts, checks
passwords against crack programs, and logs the activity.  They have a free
30 day trial.


>What aside from the "password expired" if password aging is enabled does a
Unix
>box do that automatically manipulates system accounts?  I'm wondering about
>something that disables accounts if some security violation is noted (like
NT's
>account locking for multiple incorrect logon attempts within a specified
time).
> I can't think of any.

>Thanks!

>Jim

 
 
 

1. Automatic Account Allocations

I have a unique question. I have a program that is written in C. This
program is used by the Computer Center here on Campus to grant students
accounts on the systems that are available. The student simply logs on to
the machine that they wish to work on (UNIX, VAX, Mainframe) using the ID
of accounts. This is a captive account that asks them for their Social
Security Number and their birth date. Then with this information the
captive account verifies their enrollment as a student on a central
database. If they are enrolled then the captive account then creates them
an account on that system.

What I am interested in finding out is if there is a commercial product
that would do the same thing or something similar?

I thank you for the responses before hand.

2. Loadlin + large drives

3. Automatic disabling of user accounts under HP-UX

4. NIS trouble

5. Automatic account registration

6. Uploading a text file using telnet?

7. Automatic account creation

8. Limiting a process to specific processor(s)

9. Automatic Account Creation

10. Automatic Backups -- or automatic in general. :)

11. AliasMatch from ~/account to /users/account

12. Use WinNT User Accounts on Linux -- Centralize User Accounts

13. FTP account without passwd (not an anonymous account)