cicssjw
asked on
Lock out a Solaris user after x failed attempts
Hello all,
I would like to lock out a Solaris 8 user after 'x' failed attempts. I know that this is not a built in function but have read it could be done using PAM? Is this the right route and if so are there any 'How to' documents to set this up.
Thanks in advance.
ASKER
Hi yuzh,
I have already done what you have suggested, but this allows the user to start-up another telnet session and try again. We have an audit requirement to actually lock the user out after 'x' failed attempts. The only other thought I had is to write a script to monitor the loginlog and then lock the user out.
I didn't want to reinvent the wheel as this must have been done many times before.
Thanks.
If you want to lock the user's account, have a look at the following
Sun doc to learn how:
http://docs.sun.com/db/doc/805-8120-10/6j7kqn65k?a=view
ASKER
We are not running Trusted Solaris. Thanks for all the valuable comments.
1. Edit the /etc/default/login file to allow 3 login attempts by adding:
    #
    # Set the number of retries for logging in, the default is 5.
    #
    RETRIES=3
2. Create a loginlog file:
    touch /var/adm/loginlog
    chmod 600 /var/adm/loginlog
The file permissions look like:
    -rw------- 1 root sys 4757 Jun 14 02:23 /var/adm/loginlog
That's it.
PS: you can write a script to monitor /var/adm/loginlog to mail the failed
login info to you.
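
The loginlog-monitoring script that both the asker and the last answer mention could look like the following. This is an added example, not code posted in the thread. It assumes loginlog records of the form login:tty:timestamp; the function names, the threshold variable and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: lock accounts that reach a failed-login threshold.
# Assumed record format, one per line: login:tty:timestamp
THRESHOLD=${THRESHOLD:-3}
DRY_RUN=${DRY_RUN:-1}     # 1 = print the passwd command instead of running it
AWK=${AWK:-awk}           # on Solaris 8 set AWK=nawk (old awk lacks -v)

# Constructed sample records, used when no log file is given.
sample_log() {
    cat <<'EOF'
alice:/dev/pts/1:Tue Jun 14 02:20:01 2005
alice:/dev/pts/1:Tue Jun 14 02:20:09 2005
alice:/dev/pts/2:Tue Jun 14 02:21:30 2005
bob:/dev/pts/3:Tue Jun 14 02:22:00 2005
root:/dev/pts/4:Tue Jun 14 02:22:10 2005
root:/dev/pts/4:Tue Jun 14 02:22:15 2005
root:/dev/pts/4:Tue Jun 14 02:22:19 2005
pw typed here;:/dev/pts/5:Tue Jun 14 02:23:00 2005
EOF
}

# Print "user count" for each user at or above the threshold ($1), reading
# records on stdin. The login field is whatever was typed at the prompt, so
# only well-formed names are counted; root is skipped so that remote guessing
# cannot lock out the administrator.
failed_users() {
    "$AWK" -F: -v max="$1" '
        $1 ~ /^[A-Za-z_][A-Za-z0-9_.-]*$/ && $1 != "root" && NF >= 3 { n[$1]++ }
        END { for (u in n) if (n[u] >= max) print u, n[u] }' | sort
}

# Lock every user reported by failed_users; $1 = threshold, records on stdin.
lock_failed_users() {
    failed_users "$1" | while read -r user count; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "would run: passwd -l $user ($count failures)"
        else
            passwd -l "$user" &&
                logger -p auth.notice "locked $user after $count failed logins"
        fi
    done
}

# Usage: script /var/adm/loginlog   (no argument: run on the sample records)
if [ $# -ge 1 ]; then lock_failed_users "$THRESHOLD" < "$1"
else sample_log | lock_failed_users "$THRESHOLD"; fi
```

Run from root's crontab with DRY_RUN=0, the script needs the log rotated or truncated after each pass; otherwise old failures keep counting against an account after an administrator unlocks it.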