[NTLUG:Discuss] OT UNIX question
Cameron, Thomas
Thomas.Cameron at bankofamerica.com
Tue Feb 3 11:11:23 CST 2004
> -----Original Message-----
> From: fredjame [mailto:fredjame at fredjame.cnc.net]
> Sent: Tuesday, February 03, 2004 10:08 AM
> To: NTLUG Discussion List
> Subject: [NTLUG:Discuss] OT UNIX question
>
>
> What is the normal way to lock accounts after x number of
> failed login
> attempts?
Ugh - we have been fighting this here at the Bank. What we've looked at is pam_tally in /etc/pam.d/system-auth. Having said that, I've found that it's not well documented and doesn't work as expected. If you set it to 5 failed attempts, it seems like it's really 7 or 8 before lockout. No clue why.
Have a look at http://www.puschitz.com/Security.shtml.
--
Thomas Cameron, RHCE, CNE, MCSE, MCT
Assistant Vice President
Linux Design and Engineering
Bank of America
(972) 997-9641
The opinions expressed in this message are mine alone and do not necessarily reflect the opinions of my employer, Bank of America.
More information about the Discuss
mailing list