A topic of concern in Linux
prescott at deltav.org
Wed Jan 21 08:32:21 EST 2004
I beleive what you want is already in the shadow password suite...
account expiration, account locking etc...
On Wed, 21 Jan 2004, Steve Holmes wrote:
> This is a very excellent point! I've also been looking for ways to
> implement this along with expiration of passwords - in other words,
> force a user to change the password after so many days. How can one
> go about these things in linux? I've seen the expires value when
> building user accounts but I haven't seen anything that would locak
> out after so many invalid attempts. Is there anything out there
> readily available or does one need to build it?
> On Wed, Jan 21, 2004 at 03:02:54AM -0700, Joseph C. Lininger wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > This doesn't really apply to the root user, but another thing you can
> > do which will help to increase security is to implement an account
> > lockout polacy. That is, logins are disabled on an account after say,
> > three invalid login attempts. The disadvantage to this is that you
> > have to manually unlock an account when this happens, but this also
> > means you know if someone is trying to break in to an account. Like I
> > said before, though, this obviously doesn't work for root. You should
> > definitely make sure your remote login software (telnet, ssh, etc.)
> > disconnects users after to many invalid login attempts.
> > - ---
> > Joseph C. Lininger
> > jbahm at pcdesk.net
> HolmesGrown Solutions
> The best solutions for the best price!
> Speakup mailing list
> Speakup at braille.uwo.ca
More information about the Speakup