A topic of concern in Linux

Steve Holmes steve at holmesgrown.com
Thu Jan 22 12:04:21 EST 2004


I use Slackware 9.1 here; haven't looked yet to see if I have shadow
utils or faillog.  Thanks for the tip.

On Wed, Jan 21, 2004 at 10:29:00AM -0700, Joseph C. Lininger wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> What distro are you using? Some distros have the faillog program,
> which will implement failed logins. You also need a version of the
> shadow utilities that supports this function. If you have faillog,
> chances are you have everything else too. Password expiration is
> implemented using the passwd program. Be careful with this one
> though, as if the password is expired, open ssh will not allow a user
> to log in at all. At least that's what happens in Slackware.
> - ---
> Joseph C. Lininger
> jbahm at pcdesk.net
> - ----- Original Message ----- 
> From: "Steve Holmes" <steve at holmesgrown.com>
> To: <speakup at braille.uwo.ca>
> Sent: Wednesday, January 21, 2004 5:46 AM
> Subject: Re: A topic of concern in Linux
> 
> 
> > This is a very excellent point! I've also been looking for ways to
> > implement this along with expiration of passwords - in other words,
> > force a user to change the password after so many days.  How can
> > one go about these things in linux? I've seen the expires value
> > when
> > building user accounts but I haven't seen anything that would locak
> > out after so many invalid attempts.  Is there anything out there
> > readily available or does one need to build it?
> > 
> > On Wed, Jan 21, 2004 at 03:02:54AM -0700, Joseph C. Lininger wrote:
> > > 
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > This doesn't really apply to the root user, but another thing you
> > > can do which will help to increase security is to implement an
> > > account lockout polacy. That is, logins are disabled on an
> > > account after say, three invalid login attempts. The disadvantage
> > > to this is that you have to manually unlock an account when this
> > > happens, but this also means you know if someone is trying to
> > > break in to an account. Like I said before, though, this
> > > obviously doesn't work for root. You should definitely make sure
> > > your remote login software (telnet, ssh, etc.) disconnects users
> > > after to many invalid login attempts.
> > > - ---
> > > Joseph C. Lininger
> > > jbahm at pcdesk.net
> > 
> > -- 
> > HolmesGrown Solutions
> > The best solutions for the best price!
> > http://ld.net/?holmesgrown
> > 
> > _______________________________________________
> > Speakup mailing list
> > Speakup at braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
> 
> iQA/AwUBQA622ienap9Jqj2wEQJazQCfTSr3nq62dZQocIE2FK5kqAsr70AAn3M3
> fOemt1KfGpTEtLKbn0g1MNxM
> =TbW5
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> 

-- 
HolmesGrown Solutions
The best solutions for the best price!
http://ld.net/?holmesgrown




More information about the Speakup mailing list