locking out user accounts after 3 login failures...
mcarlson at m87-blackhole.org
Wed Aug 6 15:37:53 PDT 2003
On Wed, 6 Aug 2003, Chuck Swiger wrote:
> Michael Carlson wrote:
> > My work requires multiple user systems to automatically lock out a user
> > account after 3 login authentication failures. I am running 5.1 and I have
> > not seen anything like this in PAM or login.conf (though there is the
> > login-backoff option, but that's not exactly what I want).
> Ugh. Explain what "denial of service" means by asking your boss what happens if
> and when an annoyed employee enters the boss's username and locks him out?
I do not disagree, unfortunately this requirement is in an ancient DOE
document, and they seem to hate change.
> It's reasonable to want to improve the security of reusable passwords, but
> that's the wrong approach. Your boss should consider biometrics or smart cards
I am looking into this as well, as we have a SecurID ACE server (running
on Windows, another black mark) but it is unfamiliar territory to me.
More information about the freebsd-questions