User Account Policy | Unix Linux Forums | Linux

  Go Back    


Linux RedHat, Ubuntu, SUSE, Fedora, Debian, Mandriva, Slackware, Gentoo linux, PCLinuxOS. All Linux questions here!

User Account Policy

Linux


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 10-04-2012
yprudent yprudent is offline
Registered User
 
Join Date: Jan 2011
Last Activity: 4 October 2012, 3:19 AM EDT
Posts: 11
Thanks: 1
Thanked 0 Times in 0 Posts
User Account Policy

Hi,
i have the following config in the system-auth files

PHP Code:
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    
/lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      
/lib/security/$ISA/pam_deny.so

account     required      
/lib/security/$ISA/pam_unix.so
account     sufficient    
/lib/security/$ISA/pam_succeed_if.so uid 100 quiet
account     required      
/lib/security/$ISA/pam_permit.so

password    requisite     
/lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password    sufficient    
/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      
/lib/security/$ISA/pam_deny.so

session     required      
/lib/security/$ISA/pam_limits.so
session     required      
/lib/security/$ISA/pam_unix.so 
and i want a user to be able to try to enter a password on 3 time then the account shall be locked for 60 secondes. HAving a look to some post i tried the following:

PHP Code:
auth        required      /lib/security/$ISA/pam_env.so
#auth        required      /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=60
auth        required      /lib/security/$ISA/pam_tally.so deny=3 unclok_time=60
auth        sufficient    
/lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      
/lib/security/$ISA/pam_deny.so

account     required      
/lib/security/$ISA/pam_unix.so
account     required      
/lib/security/$ISA/pam_tally.so reset
account     sufficient    
/lib/security/$ISA/pam_succeed_if.so uid 100 quiet
account     required      
/lib/security/$ISA/pam_permit.so

password    requisite     
/lib/security/$ISA/pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password    sufficient    
/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      
/lib/security/$ISA/pam_deny.so

session     required      
/lib/security/$ISA/pam_limits.so
session     required      
/lib/security/$ISA/pam_unix.so 

but still test in unsucessfull. i need the help of an expert urgently,

thanks

Last edited by yprudent; 10-04-2012 at 01:40 AM..
Sponsored Links
    #2  
Old 10-04-2012
hergp hergp is offline Forum Advisor  
Problem Eliminator
 
Join Date: Jan 2010
Last Activity: 20 August 2014, 8:15 AM EDT
Location: Vienna, Austria
Posts: 789
Thanks: 18
Thanked 167 Times in 149 Posts
Try pam_tally2.so instead of pam_tally.so.
Sponsored Links
    #3  
Old 10-23-2012
Tommyk Tommyk is offline
Registered User
 
Join Date: Aug 2011
Last Activity: 20 August 2014, 8:30 AM EDT
Location: Ripon, North Yorkshire
Posts: 146
Thanks: 4
Thanked 14 Times in 14 Posts

Code:
#auth        required      /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=60
auth        required      /lib/security/$ISA/pam_tally.so deny=3 unclok_time=60

maybe a spell check? unclok_time should read unlock_time?
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
User and Password Policy yprudent Ubuntu 2 01-19-2012 09:11 AM
password policy for new user dehetoxic Solaris 7 11-12-2011 02:01 AM
how to assign group policy to user in solaris meet2muneer Solaris 1 07-14-2010 12:35 PM
Account lockout policy maverick_here Red Hat 1 06-08-2010 08:36 AM
Difference between : Locked User Account & Disabled User Accounts in Linux ? avklinux UNIX for Dummies Questions & Answers 3 02-06-2009 08:01 PM



All times are GMT -4. The time now is 10:22 PM.