Re: Help on freeBSD 4.10

2008-02-05 Thread Chuck Swiger

On Feb 4, 2008, at 11:01 PM, Matthew Seaman wrote:
>>> As an administrator, how can I disable an account after three
>>> consecutive unsuccessful login attempts?
>>
>> As root, you could run:
>>
>>  chsh -s /usr/sbin/nologin _user_
>
> Um... I don't think that's quite what the OP meant.  He wants to automatically
> lock out anyone that fails 3 times to supply the right password.

Perhaps, although I preferred to answer the question which was
actually asked in this case, since automatically locking out accounts
results in a trivial denial-of-service condition whenever anyone
happens to do a brute-force scan on the machine in question.

> See login.conf(5), particularly these entries:
>
>  login-backoff   number   3    The number of login attempts allowed
>                                before the backoff delay is inserted
>                                after each subsequent attempt.  The
>                                backoff delay is the number of tries
>                                above login-backoff multiplied by 5
>                                seconds.
>  login-retries   number   10   The number of login attempts allowed
>                                before the login fails.
>
> Note that this applies only to the login(1) program and so applies to
> textmode logins directly on the console.  Other applications like xdm(1)
> have different controls, as do applications that provide remote access
> like ssh(1).

Have you actually tried setting these?  They make the system add a
pause if the wrong password is entered several times, but they will
not actually lock the account.


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Help on freeBSD 4.10

2008-02-04 Thread Matthew Seaman
Chuck Swiger wrote:
> On Feb 4, 2008, at 2:31 PM, Tuan Ho wrote:
>> 1/
>> As an administrator, how can I disable an account after three
>> consecutive unsuccessful login attempts?
> 
> As root, you could run:
> 
>  chsh -s /usr/sbin/nologin _user_

Um... I don't think that's quite what the OP meant.  He wants to automatically
lock out anyone that fails 3 times to supply the right password.

See login.conf(5), particularly these entries:

 login-backoff   number   3    The number of login attempts allowed
                               before the backoff delay is inserted
                               after each subsequent attempt.  The
                               backoff delay is the number of tries
                               above login-backoff multiplied by 5
                               seconds.
 login-retries   number   10   The number of login attempts allowed
                               before the login fails.

Note that this applies only to the login(1) program and so applies to
textmode logins directly on the console.  Other applications like xdm(1)
have different controls, as do applications that provide remote access
like ssh(1).

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW


Re: Help on freeBSD 4.10

2008-02-04 Thread Chuck Swiger

On Feb 4, 2008, at 2:31 PM, Tuan Ho wrote:
> 1/
> As an administrator, how can I disable an account after three
> consecutive unsuccessful login attempts?

As root, you could run:

 chsh -s /usr/sbin/nologin _user_

> 2/
> How can I enable a log file to monitor successful and unsuccessful
> logins and logouts?

This should be enabled by default already; examine /var/log/auth.log

--
-Chuck
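
Added example, not part of any message in this thread: a report-only check for the "three consecutive unsuccessful attempts" condition over auth.log, which flags accounts for review instead of locking them and so avoids the denial-of-service condition raised elsewhere in the thread. It assumes sshd entries of the form `Failed <method> for ...` / `Accepted <method> for ...`; the log lines and the function names `consecutive_failures` and `sample_log` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts with THRESHOLD or more consecutive failed
# sshd logins. Report only; nothing is locked automatically.
# Usage: consecutive_failures 3 < /var/log/auth.log
# Output: "user longest_run source" per account, sorted by user name.
consecutive_failures() {
    awk -v threshold="${1:-3}" '
    index($0, "sshd[") == 0 { next }          # only sshd messages
    {
        # Find "Failed <method> for" or "Accepted <method> for".
        verb = ""
        for (i = 1; i <= NF; i++)
            if (($i == "Failed" || $i == "Accepted") && $(i + 2) == "for") {
                verb = $i
                break
            }
        if (verb == "") next
        u = i + 3
        if ($u == "invalid" && $(u + 1) == "user") u += 2   # unknown account
        user = $u
        src = ($(u + 1) == "from") ? $(u + 2) : "-"
        if (verb == "Accepted") { run[user] = 0; next }     # success resets
        run[user]++
        if (run[user] > longest[user]) { longest[user] = run[user]; source[user] = src }
    }
    END {
        for (user in longest)
            if (longest[user] >= threshold)
                print user, longest[user], source[user]
    }' | sort
}

# Constructed sample lines in the assumed sshd format (documentation addresses).
sample_log() {
    cat <<'EOF'
Feb  4 14:01:02 host sshd[811]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Feb  4 14:01:05 host sshd[811]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Feb  4 14:01:09 host sshd[811]: Accepted password for alice from 192.0.2.10 port 40001 ssh2
Feb  4 14:02:00 host sshd[820]: Failed password for invalid user admin from 198.51.100.7 port 40100 ssh2
Feb  4 14:02:03 host sshd[821]: Failed password for bob from 198.51.100.7 port 40101 ssh2
Feb  4 14:02:06 host sshd[823]: Failed password for bob from 198.51.100.7 port 40103 ssh2
Feb  4 14:02:09 host sshd[824]: Failed password for bob from 198.51.100.7 port 40104 ssh2
Feb  4 14:02:12 host sshd[825]: Failed password for alice from 198.51.100.7 port 40105 ssh2
Feb  4 14:03:00 host su: bob to root on /dev/ttyp0
EOF
}

sample_log | consecutive_failures 3    # prints: bob 3 198.51.100.7
```

In the sample, alice has three failures in total but a success in between, so she is not reported at a threshold of 3. Console logins through login(1) write differently worded entries, so this match covers sshd only.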



Help on freeBSD 4.10

2008-02-04 Thread Tuan Ho
I use FreeBSD 4.10

1/
As an administrator, how can I disable an account after three consecutive
unsuccessful login attempts?

2/
How can I enable a log file to monitor successful and unsuccessful logins and
logouts?
 
 
Thanks,
 
taho89
 