RE: [suse-security] account lockout after x incorrect attempts???
One other thing - as far as we could tell pam_tally only locked a user out of a single machine (/var/log/faillog would appear to be kept on each individual machine) - it does not appear to be able to lock a network account - get locked out of one machine and the user could move on to the next machine.
Does anyone know of any LDAP-based(PAM/LDAP combo?)/enterprise solutions for this?
Thanks much,
Eric
-----Original Message-----
From: Baenen Eric P Contr AFRL/HEC
Sent: Wednesday, October 05, 2005 9:20 AM
To: 'suse-security@suse.com'
Subject: RE: [suse-security] account lockout after x incorrect attempts???
Thank you,
We had looked at pam_tally just a bit - but our searches didn't find much in the way of positive experience with it.
Has anyone actually implemented this with positive results?
Thanks,
Eric
-----Original Message-----
From: Marcus Meissner [mailto:meissner@suse.de]
Sent: Wednesday, October 05, 2005 9:08 AM
To: Baenen Eric P Contr AFRL/HEC
Cc: 'suse-security@suse.com'
Subject: Re: [suse-security] account lockout after x incorrect attempts???
On Wed, Oct 05, 2005 at 08:34:06AM -0400, Baenen Eric P Contr AFRL/HEC wrote:
Hello,
We have a number of SUSE 9.x workstations - and recently we've been mandated to have them adhere to a corporate IT security policy that requires account lockout after a certain number of incorrect login attempts.
Has anyone ever worked with a solution for this for SUSE 9.x? a pam module perhaps? an LDAP based solution? At this point we're looking for any solution - commercial or open source.
You want pam_tally:
/usr/share/doc/packages/pam/modules/README.pam_tally
Ciao, Marcus
On Wednesday 05 October 2005 09:26, Baenen Eric P Contr AFRL/HEC wrote:
On my workstation to go into my accounts I have to go into yast and set to reboot into the other account. Is that the type of security you're looking for?
One other thing - as far as we could tell pam_tally only locked a user out of a single machine (/var/log/faillog would appear to be kept on each individual machine) - it does not appear to be able to lock a network account - get locked out of one machine and the user could move on to the next machine.
Does anyone know of any LDAP-based(PAM/LDAP combo?)/enterprise solutions for this?
Thanks much,
Eric
-----Original Message-----
From: Baenen Eric P Contr AFRL/HEC
Sent: Wednesday, October 05, 2005 9:20 AM
To: 'suse-security@suse.com'
Subject: RE: [suse-security] account lockout after x incorrect attempts???
Thank you,
We had looked at pam_tally just a bit - but our searches didn't find much in the way of positive experience with it.
Has anyone actually implemented this with positive results?
Thanks,
Eric
-----Original Message-----
From: Marcus Meissner [mailto:meissner@suse.de]
Sent: Wednesday, October 05, 2005 9:08 AM
To: Baenen Eric P Contr AFRL/HEC
Cc: 'suse-security@suse.com'
Subject: Re: [suse-security] account lockout after x incorrect attempts???
On Wed, Oct 05, 2005 at 08:34:06AM -0400, Baenen Eric P Contr AFRL/HEC wrote:
Hello,
We have a number of SUSE 9.x workstations - and recently we've been mandated to have them adhere to a corporate IT security policy that requires account lockout after a certain number of incorrect login attempts.
Has anyone ever worked with a solution for this for SUSE 9.x? a pam module perhaps? an LDAP based solution? At this point we're looking for any solution - commercial or open source.
You want pam_tally:
/usr/share/doc/packages/pam/modules/README.pam_tally
Ciao, Marcus
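Because pam_tally keeps its counter and its configuration on each machine, a lockout policy has to be verified host by host. The following is an added example, not part of the thread: a shell check that reports, per PAM service file, whether pam_tally is active and has a `deny=` threshold. The function names and sample service files are constructed for illustration, and the check assumes simple one-word control fields and accepts `deny=` on any pam_tally line.

```shell
#!/bin/sh
# Added example: audit PAM service files for pam_tally lockout settings.

# check_pam_tally FILE -> prints "ok deny=N", "no-deny" or "missing";
# exit status is 0 only when failures are counted and a threshold is set.
check_pam_tally() {
    awk '
        $1 ~ /^#/ { next }                      # ignore commented-out lines
        $3 ~ /pam_tally\.so$/ {
            if ($1 == "auth") auth = 1          # auth phase counts failures
            for (i = 4; i <= NF; i++)
                if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6)
        }
        END {
            if (!auth)      { print "missing"; exit 1 }
            if (deny == "") { print "no-deny"; exit 2 }
            print "ok deny=" deny
        }' "$1"
}

# Constructed sample service files (not taken from a real host).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'auth required pam_tally.so onerr=fail no_magic_root' \
                  'auth required pam_unix2.so' \
                  'account required pam_tally.so deny=5 reset no_magic_root' \
                  'account required pam_unix2.so' > "$dir/login"
    printf '%s\n' 'auth required pam_unix2.so' \
                  '#auth required pam_tally.so onerr=fail' > "$dir/sshd"
    printf '%s\n' 'auth required pam_tally.so onerr=fail' \
                  'account required pam_tally.so' > "$dir/xdm"
    echo "$dir"
}

# audit_dir DIR -> one line per service file: "<service>: <status>"
audit_dir() {
    for f in "$1"/*; do
        echo "$(basename "$f"): $(check_pam_tally "$f")"
    done
}

samples=$(make_samples)
audit_dir "$samples"
```

Pointing `audit_dir` at `/etc/pam.d` on each workstation shows which login paths (console, sshd, xdm) would still accept unlimited attempts on that host.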
participants (2)
- Baenen Eric P Contr AFRL/HEC
- bustedboots