[Sunhelp] account security
Doug McLaren
dougmc at frenzy.com
Mon May 17 10:07:34 CDT 1999
On Mon, May 17, 1999 at 03:51:21PM +1000, Mulqueen.Lisa wrote:
| Is it possible to lock out a user account after a certain number of
| unsuccessful login attempts?
|
| In my case, our security policy requires that login attempts are limited to
| three, then the account is to be locked out.
|
| We are running Solaris 2.5.1.
|
| Any suggestions would be greatly appreciated.
While I don't have the answer you're looking for, I do have a
suggestion ...
You might want to re-evaluate that policy a bit more carefully. It
can be used to cause some pretty serious problems ...
1) there's nothing stopping somebody from locking somebody else's
account out - I telnet to your box, give your login, give a bogus
password, repeat two more times and whammo - you can't log in.
And what if the sysadmin (or whomever could fix it) is off that day?
2) does it apply to the root account? If so, it could lock out root -
the one guy who'd be able to fix it. You'd probably have to drop the
box into single user mode (i.e. reboot) just to fix it.
--
Doug McLaren, dougmc at frenzy.com
More information about the SunHELP
mailing list