Mailinglist Archive: opensuse-security (232 mails)

RE: [suse-security] account lockout after x incorrect attempts???
  • From: Baenen Eric P Contr AFRL/HEC <Eric.Baenen@xxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 09:26:33 -0400
  • Message-id: <53689306F895574497F51E0CA8679B47A9B022@xxxxxxxxxxxxxxxxxxxxx>
One other thing - as far as we could tell pam_tally only locked a user out
of a single machine (/var/log/faillog would appear to be kept on each
individual machine) - it does not appear to be able to lock a network
account - get locked out of one machine and the user could move on to the
next machine.

Does anyone know of any LDAP-based (PAM/LDAP combo?)/enterprise solutions for
this?

Thanks much,

Eric

-----Original Message-----
From: Baenen Eric P Contr AFRL/HEC
Sent: Wednesday, October 05, 2005 9:20 AM
To: 'suse-security@xxxxxxxx'
Subject: RE: [suse-security] account lockout after x incorrect attempts???


Thank you,

We had looked at pam_tally just a bit - but our searches didn't find much in
the way of positive experience with it.

Has anyone actually implemented this with positive results?

Thanks,

Eric

-----Original Message-----
From: Marcus Meissner [mailto:meissner@xxxxxxx]
Sent: Wednesday, October 05, 2005 9:08 AM
To: Baenen Eric P Contr AFRL/HEC
Cc: 'suse-security@xxxxxxxx'
Subject: Re: [suse-security] account lockout after x incorrect attempts???

On Wed, Oct 05, 2005 at 08:34:06AM -0400, Baenen Eric P Contr AFRL/HEC wrote:
> Hello,
>
> We have a number of SUSE 9.x workstations - and recently we've been
> mandated to have them adhere to a corporate IT security policy that
> requires account lockout after a certain number of incorrect login
> attempts.
>
> Has anyone ever worked with a solution for this for SUSE 9.x? a pam
> module perhaps? an LDAP based solution? At this point we're looking
> for any solution - commercial or open source.

You want pam_tally:

/usr/share/doc/packages/pam/modules/README.pam_tally

Ciao, Marcus
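
An added example, not part of the original thread: the per-machine limitation described at the top of this message (each host keeps its own /var/log/faillog) can be checked for by comparing per-host failure counts with a fleet-wide count per account. It assumes sshd log lines gathered on a central syslog host and a threshold of 3; the host names, user names, addresses and the `audit` function are constructed for illustration.

```python
import re
from collections import defaultdict

DENY = 3  # assumed lockout threshold (the "x" in the subject line)
# Constructed sample: sshd lines in arrival order on a central syslog host (made-up names).
SAMPLE_LOG = """\
Oct  5 09:01:12 ws01 sshd[2301]: Failed password for alice from 192.0.2.10 port 4022 ssh2
Oct  5 09:01:15 ws01 sshd[2301]: Failed password for alice from 192.0.2.10 port 4022 ssh2
Oct  5 09:02:40 ws02 sshd[1187]: Failed password for alice from 192.0.2.10 port 4051 ssh2
Oct  5 09:02:44 ws02 sshd[1187]: Failed password for alice from 192.0.2.10 port 4051 ssh2
Oct  5 09:05:01 ws01 sshd[2310]: Failed password for bob from 192.0.2.20 port 5100 ssh2
Oct  5 09:05:04 ws01 sshd[2310]: Failed password for bob from 192.0.2.20 port 5100 ssh2
Oct  5 09:05:09 ws01 sshd[2310]: Failed password for bob from 192.0.2.20 port 5100 ssh2
Oct  5 09:07:30 ws02 sshd[1190]: Failed password for carol from 192.0.2.30 port 6200 ssh2
Oct  5 09:07:41 ws02 sshd[1190]: Accepted password for carol from 192.0.2.30 port 6200 ssh2
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from "
)

def audit(log_text, deny=DENY):
    host_tally = defaultdict(int)   # (user, host) -> failures since last success there
    fleet_tally = defaultdict(int)  # user -> failures since last success anywhere
    peak_host, peak_fleet = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        user, host = m["user"], m["host"]
        if m["result"] == "Accepted":  # a success resets both counters
            host_tally[(user, host)] = fleet_tally[user] = 0
            continue
        host_tally[(user, host)] += 1
        fleet_tally[user] += 1
        peak_host[user] = max(peak_host[user], host_tally[(user, host)])
        peak_fleet[user] = max(peak_fleet[user], fleet_tally[user])
    return {
        user: {"max_single_host": peak_host[user], "fleet_wide": peak_fleet[user],
               # True when no single host reached deny but the fleet total did
               "missed_by_local_tally": peak_host[user] < deny <= peak_fleet[user]}
        for user in peak_fleet
    }

if __name__ == "__main__":
    for user, row in sorted(audit(SAMPLE_LOG).items()):
        print(user, row)
```

Accounts reported with `missed_by_local_tally` set are the ones a per-host counter alone would never lock.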
