Many thanks to Andy McVey and Matthew Stier for their quick responses posted below:

You can limit the number of retry attempts with an entry in /etc/default/login:

    RETRIES=<value>

(See the man page for login for more details)

It won't lock the NIS account though - you could either write a PAM module that automatically locks the account (tough) or check the messages file for:

    login: REPEATED LOGIN FAILURES ON /dev/pts/XXX

Then email the sysadmin to manually lock the account. Alternatively make LOGHOST the NIS master and write a script that filters the output of syslogd and locks the user account accordingly.

#########################################################################

Not in the Sun provided configuration. There is no code to check for counts, or any means to save that information across workstations.

Personally, I believe in Sun's policy in not implementing account lockouts, since I've seen more internal users use them as a playful "Denial of Service" attack, than actually stopping such threats. Sun's choice to provide an extensive delay after a failed login attempt is the better solution to brute-force attacks, since it limits attempts per terminal to 75 per hour.

#############################################################################

On a side note, I spoke with Sun directly. There is a PAM module available which will accomplish this, the module is named "pam_tally". The only (apparent) limitation under NIS is it will only lock the account LOCALLY.

http://www.sun.com/software/solaris/pam
http://www.consmiths.com.au/pam/index.html

Buddy DeMontier
State Street Global Advisors
Infrastructure Technical Services
2 International Place
Boston Ma 02110
617-664-6141

Received on Tue Feb 19 14:46:20 2002
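
The log check suggested in the first reply, as an added example that is not part of the original post or of any Sun tooling: a shell function for a log host that counts `login: REPEATED LOGIN FAILURES ON` lines per host and terminal and prints those that reach a threshold. The sample lines, host names, the `myapp` tag and the threshold are constructed assumptions; the message as quoted above carries no user name, so the output identifies terminals, not accounts.

```shell
#!/bin/sh
# Added example: summarise "REPEATED LOGIN FAILURES" syslog lines.
# Reads syslog-format lines on stdin and prints "host tty count" for every
# host/terminal pair that reached the threshold (default 2, an assumed value).
repeated_login_failures() {
    threshold="${1:-2}"
    awk -v threshold="$threshold" '
        BEGIN { marker = "REPEATED LOGIN FAILURES ON " }
        # Accept only lines whose syslog tag is login, so the marker text
        # inside another program'"'"'s message is not counted.
        $5 !~ /^login(\[[0-9]+\])?:$/ { next }
        {
            # Search for the marker instead of using a fixed field number,
            # so extra text between the tag and the message is tolerated.
            pos = index($0, marker)
            if (pos == 0) next
            rest = substr($0, pos + length(marker))
            # The terminal name is the first token after the marker.
            n = split(rest, tok, /[ ,]+/)
            if (n < 1 || tok[1] !~ /^\/dev\//) next
            count[$4 " " tok[1]]++
        }
        END {
            for (key in count)
                if (count[key] >= threshold)
                    print key, count[key]
        }
    ' | sort
}

# Constructed sample input (not real log data); "myapp" is a made-up tag.
sample_log() {
    cat <<'EOF'
Feb 19 14:01:07 ws12 login: REPEATED LOGIN FAILURES ON /dev/pts/4
Feb 19 14:03:40 ws12 login: REPEATED LOGIN FAILURES ON /dev/pts/4
Feb 19 14:05:02 ws07 login: REPEATED LOGIN FAILURES ON /dev/pts/1
Feb 19 14:06:15 ws12 myapp: REPEATED LOGIN FAILURES ON /dev/pts/9
Feb 19 14:09:58 ws12 login: REPEATED LOGIN FAILURES ON /dev/pts/4
EOF
}

# Stand-alone run: the summary that would be mailed to the sysadmin.
sample_log | repeated_login_failures 2
```

The summary goes to standard output, so it can be piped to whatever mailer the site uses; locking the account remains the manual step the reply describes.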