Re: Account Lockout in Solaris 8

From: Rex Monty di Bona (rex_at_comsmiths.com.au)
Date: 10/15/03

Next message: Darren J Moffat: "Re: Account Lockout in Solaris 8"

Previous message: James Poland: "RE: Account Lockout in Solaris 8"
In reply to: Darren Hoch: "Re: Account Lockout in Solaris 8"
Next in thread: Steve Barnet: "Re: Account Lockout in Solaris 8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Oct 2003 20:53:28 +1000
To: Darren Hoch <darren.hoch@litemail.org>

Hello Kenneth,
Thank you Darren for the wonderful plug. Yes, we have modules that you
can download and use for free. If you want the source code for an audit
it can be arranged. Please make sure that you are running version 1.04
(there was a security hole in 1.03 - obviously not enough auditing).
People at version 1.03 please upgrade.

You can select one of three behaviours with our PAM module: Lock the
account and have the password reset by admin. Lock the account and have
the login flag reset by admin (i.e. things that use the password, but
not the module will still work), and lockout for a period after the
selected number of bad attempts.

The advantage of the lockout period is that it defeats the multi-trial
attempts, and allows the user to know that something has happened
(especially if you set it to 1 day or there abouts) but does not require
admin intervetion - no social engineering attacks.

We have a bunch of other PAM modules available for other purposes too.

Rex di Bona
Computer Smiths

Darren Hoch wrote:
> Hello Kenneth,
>
> Solaris 8 does not provide this feature by default. However, you can
> install some GPL modules from:
>
> http://www.comsmiths.com.au/pam/
>
> They have a login_limit pam module that can be inserted into the stack.
> I have used it both on Solaris 8 and Solaris 9.
>
> Darren
>
> Kenneth Denski wrote:
>
>> Does anyone know if it is possible to implement account lockouts in
>> Sun Solaris 8? I want to set it so that after 3 bad login attempts,
>> the user is locked out and must be reset by the Admin.
>>
>> Is there any way to do this?
>>
>
>

Next message: Darren J Moffat: "Re: Account Lockout in Solaris 8"

Previous message: James Poland: "RE: Account Lockout in Solaris 8"
In reply to: Darren Hoch: "Re: Account Lockout in Solaris 8"
Next in thread: Steve Barnet: "Re: Account Lockout in Solaris 8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: sudo lock-up
... "pam" that allows an account to be locked out after N login failures ... (though a pam module could probably be built for this fairly easily). ... Are you absolutely certain that the lockout is due to repeated login ... standard Linux-PAM module. ...
(Debian-User)
Re: sudo lock-up
... Simon Kitching wrote: ... > (though a pam module could probably be built for this fairly easily). ... > no facility to perform lockout at all. ...
(Debian-User)