1) are you supposed to engage audit logging? if you do, then you can get
this info out of an auditreduce (I think that's the command) command (see
man page on audit)
2) setting the length can be done (I can't think of where you do it off the
top of my head but we set ours to something strange, too). use admintool to
do the expiration date stuff.
X failed attempts and acct is disabled -- don't know that one, I have this
problem myself and would like to know the answer
Not same as previous password (If we're talking not being able to reset the
password to the last one used)...this is standard. To check back to not use
the password before last --- don't know
3) Training issue
4) Screen saver lock -- haven't done this. my problem is how can I do an
auto logout if nobody has hit a key in the last 20 minutes or so? User
Manager (Solstice admin suite) has something like this but -- my question
is -- is the admin suite standard with the OS or do I have to buy it
separately? I've just started working on this problem in the last day, so I
don't have the answer.
5) Like the other person that answered you...most folks aren't as concerned
about viruses on Unix boxes..??
As far as PAM or NIS+ -- I'd go NIS+. I like it pretty well although I'm
still pretty new to it. But...I haven't used PAM, so I really can't tell
you much about it.
>We'd really appreciate any recommendations anyone could give as to how
>we could best accomplish our goals listed below. If we need to purchase
>software that's OK too. Our system is Solaris 7, we have about 15-20
>user accounts, the machine is behind a firewall, the users are barely
>computer literate, and these requirements are coming from "on high"
>from people who don't have any familiarity with Unix.
>1) log failed login violations
>2) password requirements: >= 5 chars., not same as name, not same as
>previous passwords, lockout after 3 attempts, 60 day expiration, disable
>after 30 days inactivity
>3) limit one login per user (nice to have, they say)
>4) screen saver locks > 15 mins.
>6) Unix virus scan software
>I've looked at PAM and NIS+. What do you think? Which do you prefer
>Sent via Deja.com http://www.deja.com/
>Before you buy.