I beleive what you want is already in the shadow password suite... account expiration, account locking etc... kp On Wed, 21 Jan 2004, Steve Holmes wrote: > This is a very excellent point! I've also been looking for ways to > implement this along with expiration of passwords - in other words, > force a user to change the password after so many days. How can one > go about these things in linux? I've seen the expires value when > building user accounts but I haven't seen anything that would locak > out after so many invalid attempts. Is there anything out there > readily available or does one need to build it? > > On Wed, Jan 21, 2004 at 03:02:54AM -0700, Joseph C. Lininger wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > This doesn't really apply to the root user, but another thing you can > > do which will help to increase security is to implement an account > > lockout polacy. That is, logins are disabled on an account after say, > > three invalid login attempts. The disadvantage to this is that you > > have to manually unlock an account when this happens, but this also > > means you know if someone is trying to break in to an account. Like I > > said before, though, this obviously doesn't work for root. You should > > definitely make sure your remote login software (telnet, ssh, etc.) > > disconnects users after to many invalid login attempts. > > - --- > > Joseph C. Lininger > > jbahm at pcdesk.net > > -- > HolmesGrown Solutions > The best solutions for the best price! > http://ld.net/?holmesgrown > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup >
