User Account Policy


 
# 1  
Old 10-04-2012
User Account Policy

Hi,
I have the following config in the system-auth files

Code:
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

and I want a user to be able to try to enter a password 3 times, then the account shall be locked for 60 seconds. Having a look at some posts, I tried the following:

Code:
auth        required      /lib/security/$ISA/pam_env.so
#auth        required      /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=60
auth        required      /lib/security/$ISA/pam_tally.so deny=3 unclok_time=60
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     required      /lib/security/$ISA/pam_tally.so reset
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

but the test is still unsuccessful. I need the help of an expert urgently,

thanks

Last edited by yprudent; 10-04-2012 at 02:40 AM..
# 2  
Old 10-04-2012
Try pam_tally2.so instead of pam_tally.so.
# 3  
Old 10-23-2012
Code:
#auth        required      /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=60
auth        required      /lib/security/$ISA/pam_tally.so deny=3 unclok_time=60

maybe a spell check? unclok_time should read unlock_time?
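
Added example (not part of the thread and not the posters' code): a small linter that checks the options on pam_tally.so lines and suggests the nearest valid name, which catches the misspelling pointed out in post #3 before the file is deployed. The option table is an assumption taken from pam_tally(8) plus the `reset` option used on the page; `lint_pam`, `KNOWN_OPTIONS` and `SAMPLE` are hypothetical names, and the sample input is constructed from the config in post #1.

```python
import difflib
import re

# Assumed option table for pam_tally.so (from pam_tally(8), plus "reset" as used
# on the page). Adjust it to the man page of the PAM version you actually run.
KNOWN_OPTIONS = {
    "pam_tally.so": {"onerr", "file", "audit", "deny", "lock_time", "unlock_time",
                     "magic_root", "even_deny_root_account", "per_user",
                     "no_lock_time", "no_reset", "reset"},
}

# type, control (plain word or [bracketed] form), module path, then arguments.
PAM_LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: lines taken from the second config posted in the thread.
SAMPLE = """\
auth        required      /lib/security/$ISA/pam_env.so
#auth        required      /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=60
auth        required      /lib/security/$ISA/pam_tally.so deny=3 unclok_time=60
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
account     required      /lib/security/$ISA/pam_tally.so reset
"""

def lint_pam(text):
    """Return (line_no, module, option, suggestion) for each unrecognised option."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        match = PAM_LINE.match(raw.split("#", 1)[0].strip())  # ignore comments
        if not match:
            continue
        module = match.group(3).rsplit("/", 1)[-1]
        known = KNOWN_OPTIONS.get(module)
        if known is None:
            continue  # only modules with an option table are checked
        for arg in match.group(4).split():
            name = arg.split("=", 1)[0]
            if name not in known:
                close = difflib.get_close_matches(name, known, n=1)
                findings.append((line_no, module, name, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for line_no, module, opt, hint in lint_pam(SAMPLE):
        print(f"line {line_no}: {module}: unknown option {opt!r}, did you mean {hint!r}?")
```
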