Re: Account Lockout in Solaris 8
Date: Tue, 14 Oct 2003 14:14:10 -0400 (EDT) To: Kevin L Prigge <email@example.com>
> On Tue, Oct 14, 2003 at 04:09:38PM -0000, Kenneth Denski wrote:
> > Does anyone know if it is possible to implement account lockouts in Sun Solaris 8? I want to set it so that after 3 bad login attempts, the user is locked out and must be reset by the Admin.
> > Is there any way to do this?
> Not with stock Solaris 8, AFAIK. I'm guessing you've been tasked
> with implementing this based on a requirement from your Audit area.
> Make sure they know that there are real DOS possibilities with a
> scheme such as this, and just because this functionality was available
> on IBM mainframes, it doesn't make it a good or useful idea.
If the machines are internal to your network then DoS attacks should not
be a major factor in this. The best way to do this is to use PAM
modules and customize it for your environment. This may not be the
simplist method but it will get you where you want to go. Take a look
at the /etc/default/passwd options as well. They wont let you disable
an account this way but will allow you to force other options.