Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: [suse-security] account lockout after x incorrect attempts???
  • From: bustedboots <bustedboots@xxxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 14:19:41 -0400
  • Message-id: <200510051419.41729.bustedboots@xxxxxxxxxxxxx>
On Wednesday 05 October 2005 09:26, Baenen Eric P Contr AFRL/HEC wrote:

On my workstation to go into my accounts I have to go into yast and set to
reboot into the other account. Is that the type of security your looking for?





> One other thing - as far as we could tell pam_tally only locked a user out
> of a single machine (/var/log/faillog would appear to be kept on each
> individual machine) - it does not appear to be able to lock a network
> account - get locked out of one machine and the user could move on to the
> next machine.
>
> Does anyone know of any LDAP-based(PAM/LDAP combo?)/enterprise solutions
> for this?
>
> Thanks much,
>
> Eric
>
> -----Original Message-----
> From: Baenen Eric P Contr AFRL/HEC
> Sent: Wednesday, October 05, 2005 9:20 AM
> To: 'suse-security@xxxxxxxx'
> Subject: RE: [suse-security] account lockout after x incorrect attempts???
>
>
> Thank you,
>
> We had looked at pam_tally just a bit - but our searches didn't find much
> in the way of positive experience with it.
>
> Has anyone actually implemented this with positive results?
>
> Thanks,
>
> Eric
>
> -----Original Message-----
> From: Marcus Meissner [mailto:meissner@xxxxxxx]
> Sent: Wednesday, October 05, 2005 9:08 AM
> To: Baenen Eric P Contr AFRL/HEC
> Cc: 'suse-security@xxxxxxxx'
> Subject: Re: [suse-security] account lockout after x incorrect attempts???
>
> On Wed, Oct 05, 2005 at 08:34:06AM -0400, Baenen Eric P Contr AFRL/HEC
>
> wrote:
> > Hello,
> >
> > We have a number of SUSE 9.x workstations - and recently we've been
> > mandated to have them adhere to a corporate IT security policy that
> > requires account lockout after a certain number of incorrect login
>
> attempts.
>
> > Has anyone ever worked with a solution for this for SUSE 9.x? a pam
> > module perhaps? an LDAP based solution? At this point we're looking
> > for any solution - commercial or open source.
>
> You want pam_tally:
>
> /usr/share/doc/packages/pam/modules/README.pam_tally
>
> Ciao, Marcus

< Previous Next >