On Wed, 6 Aug 2003, Chuck Swiger wrote:
> Michael Carlson wrote: > > My work requires mutliple user systems to automatically lock out a user > > account after 3 login authentication failures. I am running 5.1 and I have > > not seen anything like this in PAM or login.conf (though the is the > > login-backoff option, but thats not exactly what I want). > > Ugh. Explain what "denial of service" means by asking your boss what happens if > and when an annoyed employee enters the boss'es username and locks him out? I do not disagree, unfortunately this requirement is in a ancient DOE document, and they seem to hate change. > > It's reasonable to want to improve the security of reusable passwords, but > that's the wrong approach. Your boss should consider biometrics or smart cards > (SecurID)... > I am looking into this as well, as we have a SecurID ACE server (running on windows, another black mark) but it is unfamiliar territory to me. > -- > -Chuck > > > _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"