[Sunhelp] account security
Mulqueen.Lisa
Mulqueen.Lisa at comcare.gov.au
Mon May 17 21:07:46 CDT 1999
Thanks for your comments Doug.
Unfortunately, the locking of accounts after 3 invalid attempts is an audit
requirement (and no, it wouldn't apply to the root user's account).
Does anyone know if this is possible on Solaris 2.5.1 without scripting?
-----Original Message-----
From: Doug McLaren [mailto:dougmc at frenzy.com]
Sent: Tuesday, 18 May 1999 1:08
To: sunhelp at sunhelp.org
Subject: Re: [Sunhelp] account security
On Mon, May 17, 1999 at 03:51:21PM +1000, Mulqueen.Lisa wrote:
| Is it possible to lock out a user account after a certain number of
| unsuccessful login attempts?
|
| In my case, our security policy requires that login attempts are limited
to
| three, then the account is to be locked out.
|
| We are running Solaris 2.5.1.
|
| Any suggestions would be greatly appreciated.
While I don't have the answer you're looking for, I do have a
suggestion ...
You might want to re-evaluate that policy a bit more carefully. It
can be used to cause some pretty serious problems ...
1) there's nothing stopping somebody from locking somebody else's
account out - I telnet to your box, give your login, give a bogus
password, repeat two more times and whammo - you can't log in.
And what if the sysadmin (or whomever could fix it) is off that day?
2) does it apply to the root account? If so, it could lock out root -
the one guy who'd be able to fix it. You'd probably have to drop the
box into single user mode (i.e. reboot) just to fix it.
--
Doug McLaren, dougmc at frenzy.com
_______________________________________________
SunHELP maillist - SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
More information about the SunHELP
mailing list