Solved

Locking user accounts

Posted on 2006-07-18
12
1,007 Views
Last Modified: 2013-12-27
Pls provide script for locking user accounts on solaris after 3 failed login attempts.  I couldnt find any direct way to lock user accounts
0
Comment
Question by:rojy_20
12 Comments
 
LVL 48

Accepted Solution

by:
Tintin earned 500 total points
ID: 17134044
Use PAM_login_limit from http://www.comsmiths.com.au/pam/
0
 

Author Comment

by:rojy_20
ID: 17144375
I donot want to download this utilty as we do have restrictions.  If there are some scripts that I could run; then it would be helpful
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17144549
What version of Solaris do you use?  

What are the restrictions?  You can download the source from comsmiths.com.

You could possibly use scripts, but it wouldn't be the easiest of tasks.  Much better to use something that is known to work.
0
 
LVL 10

Expert Comment

by:Nukfror
ID: 17153393
One way for sure to work without having to download 3rd party PAM modules is to updade to Solaris 10.  Automagic account lockout has finally been added to Solaris.  But I doubt upgrading Solaris was part of your plan ... ;D
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:rojy_20
ID: 17162332
Tintin
We have Versions 8, 9 and 10 running in our environment.  Restrictions are mainly with regard to management approval.  I understand scripts are not easy but its worth a try...

Nukfror
Upgrade to 10??!! Now that will take a decade to get approved ;-)
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17164287
Don't you love it when management place all these restrictions to make life more difficult.  They generally make these decisions based upon some vague concept that using third party or open source software is bad.

As for using scripts, the only way you could do it with standard tools is to interegate /var/adm/loginlog, but this only logs entries after 5 successive failed login attempts, so that may or may not be sufficient for your needs.
0
 
LVL 2

Expert Comment

by:advega
ID: 17323207
why don't you check the /etc/default/* files !
They are self explanatory with comments above each configurable parameter.

may be there you can find answers to what you need.

regards...
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17330228
advega.

There are no Solaris options in the /etc/default/ files to lock an account.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17557265
My first solution works well providing you don't have brain dead management who refuse to install software that actually solves the problem.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sort command HPUX 11 65
Linux performance issues with 100% swap usage, etc 15 90
can't umount nfs share after server goes offline... 4 75
Oracle Finace 3 67
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now