This is a very excellent point! I've also been looking for ways to implement this along with expiration of passwords - in other words, force a user to change the password after so many days. How can one go about these things in linux? I've seen the expires value when building user accounts but I haven't seen anything that would locak out after so many invalid attempts. Is there anything out there readily available or does one need to build it? On Wed, Jan 21, 2004 at 03:02:54AM -0700, Joseph C. Lininger wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This doesn't really apply to the root user, but another thing you can > do which will help to increase security is to implement an account > lockout polacy. That is, logins are disabled on an account after say, > three invalid login attempts. The disadvantage to this is that you > have to manually unlock an account when this happens, but this also > means you know if someone is trying to break in to an account. Like I > said before, though, this obviously doesn't work for root. You should > definitely make sure your remote login software (telnet, ssh, etc.) > disconnects users after to many invalid login attempts. > - --- > Joseph C. Lininger > jbahm at pcdesk.net -- HolmesGrown Solutions The best solutions for the best price! http://ld.net/?holmesgrown