[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 532
  • Last Modified:

OpenBSD lockout user after failed login attempts

Is it possible to configure OpenBSD to lock out a user after several failed login attempts?  If yes how.
0
howardsx5
Asked:
howardsx5
1 Solution
 
paranoidcookieCommented:
Not so familiar with openBSD try asking in UNIX channel

There might be an option in one of

/etc/security/limits.conf

/etc/limitsĀ 
0
 
ITG-SSNACommented:
Check the /etc/login.conf

login-backoff     number     3            After login-backoff unsuccess-
                                               ful login attempts during a
                                               single session, login(1) will
                                               start sleeping a bit in between
                                               attempts.


LOGIN.CONF(5)             OpenBSD Programmer's Manual            LOGIN.CONF(5)



NAME
     login.conf - login class capability database



SYNOPSIS
     /etc/login.conf



DESCRIPTION
     The login.conf file describes the various attributes of login classes.  A
     login class determines what styles of authentication are available as
     well as session resource limits and environment setup.  While designed
     primarily for the login(1) program, it is also used by other programs,
     e.g., ftpd(8), to determine what means of authentication are available.
     It is also used by programs, e.g., rshd(8), which need to set up a user
     environment.

     A special record, ``default'', in /etc/login.conf is used for any user
     without a valid login class in /etc/master.passwd.

     Sites with very large /etc/login.conf files may wish to create a database
     version of the file, /etc/login.conf.db, for improved performance.  Using
     a database version for small files does not result in a performance im-
     provement.  To build /etc/login.conf.db from /etc/login.conf the follow-
     ing command may be used:

           # cap_mkdb /etc/login.conf

     Note that cap_mkdb(1) must be run after each edit of /etc/login.conf to
     keep the database version in sync with the plain file.


0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now