locking out user accounts after 3 login failures...
My work requires mutliple user systems to automatically lock out a user account after 3 login authentication failures. I am running 5.1 and I have not seen anything like this in PAM or login.conf (though the is the login-backoff option, but thats not exactly what I want). Any way to do this? Thanks Mike C ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: locking out user accounts after 3 login failures...
On Wed, 6 Aug 2003, Chuck Swiger wrote: Michael Carlson wrote: My work requires mutliple user systems to automatically lock out a user account after 3 login authentication failures. I am running 5.1 and I have not seen anything like this in PAM or login.conf (though the is the login-backoff option, but thats not exactly what I want). Ugh. Explain what denial of service means by asking your boss what happens if and when an annoyed employee enters the boss'es username and locks him out? I do not disagree, unfortunately this requirement is in a ancient DOE document, and they seem to hate change. It's reasonable to want to improve the security of reusable passwords, but that's the wrong approach. Your boss should consider biometrics or smart cards (SecurID)... I am looking into this as well, as we have a SecurID ACE server (running on windows, another black mark) but it is unfamiliar territory to me. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: locking out user accounts after 3 login failures...
Michael Carlson wrote: My work requires mutliple user systems to automatically lock out a user account after 3 login authentication failures. I am running 5.1 and I have not seen anything like this in PAM or login.conf (though the is the login-backoff option, but thats not exactly what I want). Ugh. Explain what denial of service means by asking your boss what happens if and when an annoyed employee enters the boss'es username and locks him out? It's reasonable to want to improve the security of reusable passwords, but that's the wrong approach. Your boss should consider biometrics or smart cards (SecurID)... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]