I use Slackware 9.1 here; haven't looked yet to see if I have shadow utils or faillog. Thanks for the tip. On Wed, Jan 21, 2004 at 10:29:00AM -0700, Joseph C. Lininger wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What distro are you using? Some distros have the faillog program, > which will implement failed logins. You also need a version of the > shadow utilities that supports this function. If you have faillog, > chances are you have everything else too. Password expiration is > implemented using the passwd program. Be careful with this one > though, as if the password is expired, open ssh will not allow a user > to log in at all. At least that's what happens in Slackware. > - --- > Joseph C. Lininger > jbahm at pcdesk.net > - ----- Original Message ----- > From: "Steve Holmes" <steve at holmesgrown.com> > To: <speakup at braille.uwo.ca> > Sent: Wednesday, January 21, 2004 5:46 AM > Subject: Re: A topic of concern in Linux > > > > This is a very excellent point! I've also been looking for ways to > > implement this along with expiration of passwords - in other words, > > force a user to change the password after so many days. How can > > one go about these things in linux? I've seen the expires value > > when > > building user accounts but I haven't seen anything that would locak > > out after so many invalid attempts. Is there anything out there > > readily available or does one need to build it? > > > > On Wed, Jan 21, 2004 at 03:02:54AM -0700, Joseph C. Lininger wrote: > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > This doesn't really apply to the root user, but another thing you > > > can do which will help to increase security is to implement an > > > account lockout polacy. That is, logins are disabled on an > > > account after say, three invalid login attempts. The disadvantage > > > to this is that you have to manually unlock an account when this > > > happens, but this also means you know if someone is trying to > > > break in to an account. Like I said before, though, this > > > obviously doesn't work for root. You should definitely make sure > > > your remote login software (telnet, ssh, etc.) disconnects users > > > after to many invalid login attempts. > > > - --- > > > Joseph C. Lininger > > > jbahm at pcdesk.net > > > > -- > > HolmesGrown Solutions > > The best solutions for the best price! > > http://ld.net/?holmesgrown > > > > _______________________________________________ > > Speakup mailing list > > Speakup at braille.uwo.ca > > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0.3 > > iQA/AwUBQA622ienap9Jqj2wEQJazQCfTSr3nq62dZQocIE2FK5kqAsr70AAn3M3 > fOemt1KfGpTEtLKbn0g1MNxM > =TbW5 > -----END PGP SIGNATURE----- > > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > -- HolmesGrown Solutions The best solutions for the best price! http://ld.net/?holmesgrown
