Help on freeBSD 4.10

Matthew Seaman m.seaman at
Tue Feb 5 07:01:23 UTC 2008

Chuck Swiger wrote:
> On Feb 4, 2008, at 2:31 PM, Tuan Ho wrote:
>> 1/
>> As an administrator, how can i disable an account after three
>> consecutive unsuccessful login attempts?
> As root, you could run:
>  chsh -s /usr/sbin/nologin _user_

Um... I don't think that's quite what the OP meant.  He wants to automatically
lock out anyone that fails 3 times to supply the right password.

See login.conf(5), particularly these entries:

     login-backoff    number    3         The number of login attempts allowed
                                          before the backoff delay is inserted
                                          after each subsequent attempt.  The
                                          backoff delay is the number of tries
                                          above login-backoff multiplied by 5
     login-retries    number    10        The number of login attempts allowed
                                          before the login fails.

Note that this applies only to the login(1) program and so applies to
textmode logins directly on the console.  Other applications like xdm(1)
have different controls, as do applications that provide remote access
like ssh(1).



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
                                                  Kent, CT11 9PW

More information about the freebsd-questions mailing list