Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: block user account after failed password
Top Forums UNIX for Dummies Questions & Answers block user account after failed password Post 302433835 by pludi on Wednesday 30th of June 2010 04:34:47 PM
Old 06-30-2010
From the man page of pam_tally
Quote:
lock_time=n
Always deny for n seconds after failed attempt.

unlock_time=n
Allow access after n seconds after failed attempt. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator.
In my interpretation (tho I'm not sure) this means that lock_time will block access for a certain time after each failed attempt, which would be useful to slow down a brute-force attack. unlock_time, however, sets the time until an account is automatically unlocked after the maximum number of tries.
This User Gave Thanks to pludi For This Post:
kopper
 

10 More Discussions You Might Find Interesting

1. Solaris

how can I change user name and password , of account ?

passwd only changes the password but i need to change the user name tnx (5 Replies)
Discussion started by: umen
5 Replies

2. UNIX for Dummies Questions & Answers

Change Account to not lock account if password expires

I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired. I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
Discussion started by: stringzz
1 Replies

3. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

4. Debian

password less login to root from a user account

hello friends, one user is created named "user1" I login as "user1" . Now when i do "su -" to be root user I have to give password for root . Is there any way through which we can skip giving the password to root. i.e. user1@work:~$ su - Password: xxxxxx work:~$ I don't want that... (1 Reply)
Discussion started by: pradeepreddy
1 Replies

5. Shell Programming and Scripting

Create new user account and password in shell script

I am trying to create a shell script that will: check if a specific user already exists if not, create a specific group and create the user in that group assign a password to that user, where the password is passed in as a parameter to the script The problem that I need help with is 3 on... (4 Replies)
Discussion started by: killuane
4 Replies

6. Solaris

Set Password Account to NP or NL

Hi Everyone, my name`s Sergio. I need your help please. I have a problem using Solaris 9. I create an account with the command line "useradd", with this I have no problem. My problem is I need set the created account to NP (No Password or Non Login). For example: cat /etc/shadow ... (2 Replies)
Discussion started by: roswell
2 Replies

7. Shell Programming and Scripting

Passing password when changing the user account

Hi All, I have one requirment.. I need to change my id to some sudo account in a server.. Actually our username/passwd will be stored in one gip file like below... $cat .a.gz #It's hidden file username passwd $ So I tried the below script to pass the password when i sudo to... (7 Replies)
Discussion started by: raghu.iv85
7 Replies

8. Shell Programming and Scripting

Need a condition to account for failed nslookups

I need some help creating a condition for looking up hosts. I have this master host file that has data in the following columns: FQDN primary IP secondary IP third IP I need the hostnames to feed into another script I use for provisioning users. The FQDN doesn't always work for... (2 Replies)
Discussion started by: MaindotC
2 Replies

9. Red Hat

Failed password for invalid user

Dear All , I have created a user named X and gave sudo permissions for it , So that it can access some commands as root. This particular user can login to the server using SSH login through putty any where with in the network. But there is some issue , when the same user is trying from... (4 Replies)
Discussion started by: jegaraman
4 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Further to my query re: failed attempt to change email address on existing account

Neo Thanks for your reply to my original post, entitled "Problem changing the email address associated with my unix.com account". I am unable to reply to you in that thread, as I am unable to log-on to unix.com! From what you said about purging dormant accounts, it is likely that my account... (1 Reply)
Discussion started by: irb
1 Replies

LEARN ABOUT HPUX

userstat

userstat(1M)															      userstat(1M)

NAME

       userstat - check status of local user accounts

SYNOPSIS

       [parm]...

       [parm]...

DESCRIPTION

       checks the status of local user accounts and reports abnormal conditions, such as account locks.

       If any parm arguments are specified, abnormal status is displayed only for those parameters, otherwise abnormal status is displayed for all
       parameters.  The section describes the various parameter values that can be used for parm.

       Each account with an abnormal status is displayed on a single line.  Each line contains the username followed by one  or  more  parameters,
       indicating what abnormal conditions exist for the account.  The section describes the various parameters that can be displayed.

   Options
       The following options are recognized:
       Display the status of all users listed in

       (Quiet) Do not print anything to standard output.
	      This can be used when interested only in the return value.

       Check the status of only the specified user
	      name.  The user must be a local user listed in

   Parameters
       The parameters that could be displayed to indicate abnormal account status, or that could be used with the option, include the following:

       is  displayed  if  an  administrator  lock is present on the account.  This lock indicates that the encrypted password in or begins with An
       administrator lock can be set, for example, with

       is displayed if the account is locked because the account expiration
	      date has been reached.  days is the number of days that the account has been expired.  See the description of the  expiration  field
	      in shadow(4).

       is displayed if the account's password has expired.
	      days is the number of days that the password has been expired.  days is displayed only if its value can be determined.

       is displayed if the account is locked because there have been no logins
	      to the account for a time interval that exceeds the maximum allowed.  days is the number of days that the account has been inactive.
	      See the description of the attribute in security(4).

       is displayed if the account is locked because the number of
	      consecutive authentication failures exceeded the maximum allowed.  num is the number of consecutive  authentication  failures.   See
	      the description of the attribute in security(4).

       is displayed if the account is locked because the account has
	      a null password and is not allowed to have a null password.  See the description of the attribute in security(4).

       is displayed if the account has a time-of-day login restriction.
	      times defines the time periods that the user may login.  See the description of the attribute in security(4).

   Security Restrictions
       Users invoking this command must have the authorization.  See authadm(1M).

       is not supported for trusted systems.

RETURN VALUE

       exits with one of the following values:

       did not find abnormal status
       found abnormal status
       invalid usage or user not found

EXAMPLES

       The following example reports all abnormal status for all local accounts.

       The following example shows that the account for user is not locked due to too many consecutive authentication failures.

FILES

       standard password file
       shadow password file
       user database

SEE ALSO

       authadm(1M), passwd(4), security(4), shadow(4), userdb(4).

																      userstat(1M)
All times are GMT -4. The time now is 09:57 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy