account lockout after x incorrect attempts???
Hello,

We have a number of SUSE 9.x workstations - and recently we've been mandated to have them adhere to a corporate IT security policy that requires account lockout after a certain number of incorrect login attempts.

Has anyone ever worked with a solution for this for SUSE 9.x? a pam module perhaps? an LDAP based solution? At this point we're looking for any solution - commercial or open source.

Thanks,
Eric

Eric Baenen
Project Manager - Scientific Network Environments
General Dynamics - Advanced Information Systems
Phone: 937-255-8180
FAX: 937-255-8845
2255 H Street (AFRL/HEC) Area B Bldg 248 Rm 108
Wright Patterson AFB, OH 45433

On Wed, Oct 05, 2005 at 08:34:06AM -0400, Baenen Eric P Contr AFRL/HEC wrote:
> Hello,
>
> We have a number of SUSE 9.x workstations - and recently we've been mandated to have them adhere to a corporate IT security policy that requires account lockout after a certain number of incorrect login attempts.
>
> Has anyone ever worked with a solution for this for SUSE 9.x? a pam module perhaps? an LDAP based solution? At this point we're looking for any solution - commercial or open source.

You want pam_tally:

/usr/share/doc/packages/pam/modules/README.pam_tally

Ciao, Marcus

On Wed, 5 Oct 2005 08:34:06 -0400 Baenen Eric P Contr AFRL/HEC <Eric.Baenen@wpafb.af.mil> wrote:
> Hello,
>
> We have a number of SUSE 9.x workstations - and recently we've been mandated to have them adhere to a corporate IT security policy that requires account lockout after a certain number of incorrect login attempts.
> ....

Look for this under Bone-Headed Security.

Imagine this policy is successfully implemented. Then *anyone* could lock anyone else out of their account (aka a DOS) simply by trying to log into it. This policy opens the door to all kinds of mischief. It would be even worse if it's going to be used to log in from the internet. Then you might as well give Al Qaida an on/off switch to your email system.

hth,
korporal ken, civilian

--
A lot of us are working harder than we want, at things we don't like to do. Why? ...In order to afford the sort of existence we don't care to live.
-- Bradford Angier

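The trade-off discussed in this thread, as an added example that is not part of any post above and is not pam_tally's code: a simplified model of a per-account failure tally showing that a lockout counter cannot tell the owner's typos from someone else's guesses. The class, its parameter names (`deny`, `unlock_after`) and the sample accounts are this example's own, and the optional timed unlock is an assumption the thread does not mention.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class TallyLockout:
    """Simplified per-account failure counter (a model, not pam_tally itself)."""
    deny: int                              # failures allowed before lockout
    unlock_after: Optional[float] = None   # seconds to auto-unlock; None = admin reset only
    _fails: Dict[str, int] = field(default_factory=dict)
    _last_fail: Dict[str, float] = field(default_factory=dict)

    def is_locked(self, user: str, now: float) -> bool:
        if self._fails.get(user, 0) < self.deny:
            return False
        if self.unlock_after is not None and now - self._last_fail[user] >= self.unlock_after:
            self.reset(user)               # lock window has expired
            return False
        return True

    def login(self, user: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'failed' or 'locked' for one attempt at time `now`."""
        if self.is_locked(user, now):
            return "locked"                # even the correct password is refused
        if password_ok:
            self.reset(user)               # success clears the tally
            return "ok"
        # The tally is keyed on the target account only, so it counts
        # failures from any source against the account owner.
        self._fails[user] = self._fails.get(user, 0) + 1
        self._last_fail[user] = now
        return "failed"

    def reset(self, user: str) -> None:
        """Administrator reset; also used on success and on expiry."""
        self._fails.pop(user, None)
        self._last_fail.pop(user, None)


def demo(unlock_after: Optional[float]) -> list:
    """Constructed scenario: three bad attempts by a third party, then the owner."""
    policy = TallyLockout(deny=3, unlock_after=unlock_after)
    for t in (0, 1, 2):                            # someone else guessing
        policy.login("eric", password_ok=False, now=t)
    return [policy.login("eric", True, now=10),    # owner, correct password
            policy.login("eric", True, now=1000)]  # owner again, later
```

With no unlock window the owner stays locked out until an administrator resets the tally; with a window the lockout is bounded in time.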
participants (3)
- Baenen Eric P Contr AFRL/HEC
- ken
- Marcus Meissner