The idea is lock the user account for 3 minutes after he has entered his password incorrectly 3 times.
I've modified /etc/pam.d/system-auth
besides the code above I used these 2 commands to get things working
Set lock out at 3 failed login attempts:
faillog -m 3
Exclude root from this lockout mechanism:
faillog -u root -m 0
as you see I have not defined the lock_time=180 yet since no matter where I put it up there it won't work
where should it be? in order that after 3 or more failed attempts and after wait 3 minutes user can log to the system since for instance he now remember his correct password
Now I can unblock his account manually by faillog -r -u username but I want to avoid that admin task
I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired.
I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
hello friends,
one user is created named "user1"
I login as "user1" . Now when i do "su -" to be root user I have to give password for root .
Is there any way through which we can skip giving the password to root.
i.e.
user1@work:~$ su -
Password: xxxxxx
work:~$
I don't want that... (1 Reply)
I am trying to create a shell script that will:
check if a specific user already exists
if not, create a specific group and create the user in that group
assign a password to that user, where the password is passed in as a parameter to the script
The problem that I need help with is 3 on... (4 Replies)
Hi Everyone, my name`s Sergio.
I need your help please. I have a problem using Solaris 9. I create an account with the command line "useradd", with this I have no problem.
My problem is I need set the created account to NP (No Password or Non Login). For example:
cat /etc/shadow
... (2 Replies)
Hi All,
I have one requirment..
I need to change my id to some sudo account in a server.. Actually our username/passwd will be stored in one gip file like below...
$cat .a.gz #It's hidden file
username
passwd
$
So I tried the below script to pass the password when i sudo to... (7 Replies)
I need some help creating a condition for looking up hosts. I have this master host file that has data in the following columns:
FQDN primary IP secondary IP third IP
I need the hostnames to feed into another script I use for provisioning users. The FQDN doesn't always work for... (2 Replies)
Dear All ,
I have created a user named X and gave sudo permissions for it , So that it can access some commands as root.
This particular user can login to the server using SSH login through putty any where with in the network.
But there is some issue , when the same user is trying from... (4 Replies)
Discussion started by: jegaraman
4 Replies
10. Forum Support Area for Unregistered Users & Account Problems
Neo
Thanks for your reply to my original post, entitled "Problem changing the email address associated with my unix.com account".
I am unable to reply to you in that thread, as I am unable to log-on to unix.com!
From what you said about purging dormant accounts, it is likely that my account... (1 Reply)
Discussion started by: irb
1 Replies
LEARN ABOUT DEBIAN
faillog
FAILLOG(8) System Management Commands FAILLOG(8)NAME
faillog - display faillog records or set login failure limits
SYNOPSIS
faillog [options]
DESCRIPTION
faillog displays the contents of the failure log database (/var/log/faillog). It can also set the failure counters and limits. When faillog
is run without arguments, it only displays the faillog records of the users who had a login failure.
OPTIONS
The options which apply to the faillog command are:
-a, --all
Display (or act on) faillog records for all users having an entry in the faillog database.
The range of users can be restricted with the -u option.
In display mode, this is still restricted to existing users but forces the display of the faillog entries even if they are empty.
With the -l, -m, -r, -t options, the users' records are changed, even if the user does not exist on the system. This is useful to reset
records of users that have been deleted or to set a policy in advance for a range of users.
-h, --help
Display help message and exit.
-l, --lock-secs SEC
Lock account for SEC seconds after failed login.
Write access to /var/log/faillog is required for this option.
-m, --maximum MAX
Set the maximum number of login failures after the account is disabled to MAX.
Selecting a MAX value of 0 has the effect of not placing a limit on the number of failed logins.
The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.
Write access to /var/log/faillog is required for this option.
-r, --reset
Reset the counters of login failures.
Write access to /var/log/faillog is required for this option.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-t, --time DAYS
Display faillog records more recent than DAYS.
-u, --user LOGIN|RANGE
Display faillog record or maintains failure counters and limits (if used with -l, -m or -r options) only for the specified user(s).
The users can be specified by a login name, a numerical user ID, or a RANGE of users. This RANGE of users can be specified with a min
and max values (UID_MIN-UID_MAX), a max value (-UID_MAX), or a min value (UID_MIN-).
When none of the -l, -m, or -r options are used, faillog displays the faillog record of the specified user(s).
CAVEATS
faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since
their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.
FILES
/var/log/faillog
Failure logging file.
SEE ALSO login(1), faillog(5).
shadow-utils 4.1.5.1 05/25/2012 FAILLOG(8)