The idea is lock the user account for 3 minutes after he has entered his password incorrectly 3 times.
I've modified /etc/pam.d/system-auth
besides the code above I used these 2 commands to get things working
Set lock out at 3 failed login attempts:
faillog -m 3
Exclude root from this lockout mechanism:
faillog -u root -m 0
as you see I have not defined the lock_time=180 yet since no matter where I put it up there it won't work
where should it be? in order that after 3 or more failed attempts and after wait 3 minutes user can log to the system since for instance he now remember his correct password
Now I can unblock his account manually by faillog -r -u username but I want to avoid that admin task
Neo
Thanks for your reply to my original post, entitled "Problem changing the email address associated with my unix.com account".
I am unable to reply to you in that thread, as I am unable to log-on to unix.com!
From what you said about purging dormant accounts, it is likely that my account... (1 Reply)
Dear All ,
I have created a user named X and gave sudo permissions for it , So that it can access some commands as root.
This particular user can login to the server using SSH login through putty any where with in the network.
But there is some issue , when the same user is trying from... (4 Replies)
I need some help creating a condition for looking up hosts. I have this master host file that has data in the following columns:
FQDN primary IP secondary IP third IP
I need the hostnames to feed into another script I use for provisioning users. The FQDN doesn't always work for... (2 Replies)
Hi All,
I have one requirment..
I need to change my id to some sudo account in a server.. Actually our username/passwd will be stored in one gip file like below...
$cat .a.gz #It's hidden file
username
passwd
$
So I tried the below script to pass the password when i sudo to... (7 Replies)
Hi Everyone, my name`s Sergio.
I need your help please. I have a problem using Solaris 9. I create an account with the command line "useradd", with this I have no problem.
My problem is I need set the created account to NP (No Password or Non Login). For example:
cat /etc/shadow
... (2 Replies)
I am trying to create a shell script that will:
check if a specific user already exists
if not, create a specific group and create the user in that group
assign a password to that user, where the password is passed in as a parameter to the script
The problem that I need help with is 3 on... (4 Replies)
hello friends,
one user is created named "user1"
I login as "user1" . Now when i do "su -" to be root user I have to give password for root .
Is there any way through which we can skip giving the password to root.
i.e.
user1@work:~$ su -
Password: xxxxxx
work:~$
I don't want that... (1 Reply)
I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired.
I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
pam_opendirectory(8) BSD System Manager's Manual pam_opendirectory(8)NAME
pam_opendirectory -- OpenDirectory PAM module
SYNOPSIS
[service-name] function-class control-flag pam_opendirectory [options]
DESCRIPTION
The OpenDirectory PAM module supports the authentication, account management and password management function classes. In terms of the
function-class parameter, these are ``auth'', ``account'' and ``password'' respectively.
The OpenDirectory Authentication Module
The OpenDirectory authentication module permits or denies users based on OpenDirectory password authentication.
The following option may be passed to this authentication module:
nullok Allow null passwords.
The OpenDirectory Account Management Module
The OpenDirectory account management module permits or denies users based whether the account is enabled in OpenDirectory.
The following option may be passed to this account management module:
no_check_shell
Skip validating the user's shell.
no_check_home
Skip validating the user's home directory.
refresh=min
Sets the mbr_check_membership(3) cache timeout to min minutes. When this option is used, the min value must be specified, and it
must be an integer.
The OpenDirectory Password Management Module
The OpenDirectory password management module supports password changing and enforces the OpenDirectory password policy.
SEE ALSO mbr_check_membership(3), pam.conf(5), pam(8), pwpolicy(8), DirectoryService(8)BSD February 7, 2009 BSD