RE: Account Lockout in Solaris 8

From: James Poland (
Date: 10/15/03

  • Next message: Rex Monty di Bona: "Re: Account Lockout in Solaris 8"
    Date: Tue, 14 Oct 2003 22:50:35 -0700

    DISABLETIME can be set in /etc/default/login on Solaris 9. It is the time
    that the account is disabled after RETRIES number of unsuccessful logins.
    Default is 20 seconds for DISABLETIME, 5 attempts for RETRIES. You can set
    up a Windows-like timed lockout using DISABLETIME and RETRIES on Solaris 9.
    SLEEPTIME can also be set in /etc/default/login. It is the amount of time
    that the system pauses between when the user enters a bad password and when
    the system prompts for the user id. Default is 4 seconds, range is 0 to 5.

    DISABLETIME is not in Solaris 8. You can use someone else's PAM, or as Julie
    Baumler suggested, roll your own lockout script. /var/adm/loginlog is the
    record each bad login attempt after 5 bad attempts. Check the manpage.

    I like the Linux PAM. See Don't
    know how it would behave on Solaris, but you might give it a shot. See
    pam_tally for the lockout function lib.


    -----Original Message-----
    From: Steve Barnet []
    Sent: Tuesday, October 14, 2003 10:56 AM
    To: Kevin L Prigge
    Cc: Kenneth Denski;
    Subject: Re: Account Lockout in Solaris 8

    According to the login(1) man page from a Solaris 8 machine,
    the following variables can be set in /etc/default/login:

                     Sets the number of retries for logging in (see
                     pam(3PAM)). The default is 5.

                     Used to determine how many failed login attempts
                     will be allowed by the system before a failed
                     login message is logged, using the syslog(3C)
                     LOG_NOTICE facility. For example, if the vari-
                     able is set to 0, login will log all failed
                     login attempts.

    I don't have a Solaris machine immediately at hand, but I think
    that would be a good place to start.



  • Next message: Rex Monty di Bona: "Re: Account Lockout in Solaris 8"