|
|
Sponsored Content
Operating Systems
Solaris
Lock Password 3x times
Post 302323882 by bartus11 on Tuesday 9th of June 2009 09:27:27 AM
06-09-2009
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
how can I lock my keyboard while I'm away from the computer without using lock command. What other commands gives me the option to lock keyboard device?
thanks (7 Replies)
Discussion started by: dianayun
7 Replies
2. UNIX for Dummies Questions & Answers
I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired.
I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
Discussion started by: stringzz
1 Replies
3. AIX
Is there such location or command to know how many times did you reboot your server in that particular day?in AIX. (3 Replies)
Discussion started by: kenshinhimura
3 Replies
4. UNIX for Dummies Questions & Answers
Hi, lads. Good day.
I have one question, how the system determines password expiry times?
Thanks in advance (1 Reply)
Discussion started by: yjck71
1 Replies
5. Red Hat
Hello all,
If anyone has time, I have a few questions:
How do I do the following in Linux. We are using Red Hat and Oracle Enterprise Linux, which is based on Red Hat too.
1. How to lock the account after a few (like 3) invalid password attempts?
2. How do you lock a screen after 30... (1 Reply)
Discussion started by: nstarz
1 Replies
6. Shell Programming and Scripting
I am trying to create a script that will take a very large, tab delimited file and then lock accounts.
File headers look like this
id desc server pass sudo lock
test Test user server01 67 no no
"Test user" is under the desc column
Basically if pass column is greater... (5 Replies)
Discussion started by: Gibby13
5 Replies
7. UNIX for Advanced & Expert Users
Hi all,
I have to test some user priviliges. The goal is to be sure that an unauthorized user can't restart some modules (ssh, mysql etc...).
I'm trying to automate it with a shell script but in same cases I got the syslog broadcast message.
Is there any way to simply get a return code... (3 Replies)
Discussion started by: Dedalus
3 Replies
8. Programming
Hello,
i'm trying to implement the times() function and i'm programming in C.
I'm using the "struct tms" structure which consists of the fields:
The tms_utime structure member is the CPU time charged for the execution of user instructions of the calling process.
The tms_stime structure... (1 Reply)
Discussion started by: g_p
1 Replies
9. SuSE
Below is the error I'm getting.
# passwd username
Changing password for username.
New Password:
Reenter New Password:
Password changed.
New UNIX password:
Retype new UNIX password:
Password has been already used. Choose another.
passwd: Authentication token manipulation error# cat... (0 Replies)
Discussion started by: toor13
0 Replies
10. Solaris
Hi,
Can we configure Solaris-10 and Solaris-11, which can lock any user for 15 minutes after 5 unsuccessful logins ?
I am trying to search, if it is possible but not able to find.
Regards (1 Reply)
Discussion started by: solaris_1977
1 Replies
LEARN ABOUT PLAN9
policy.conf
policy.conf(4) File Formats policy.conf(4) NAME
policy.conf - configuration file for security policy SYNOPSIS
/etc/security/policy.conf DESCRIPTION
The policy.conf file provides the security policy configuration for user-level attributes. Each entry consists of a key/value pair in the form: key=value The following keys are defined: AUTHS_GRANTED Specify the default set of authorizations granted to all users. This entry is interpreted by chkau- thattr(3SECDB). The value is one or more comma-separated authorizations defined in auth_attr(4). PROFS_GRANTED Specify the default set of profiles granted to all users. This entry is interpreted by chkauthattr(3SECDB) and getexecuser(3SECDB). The value is one or more comma-separated profiles defined in prof_attr(4). PRIV_DEFAULT and PRIV_LIMIT Settings for these keys determine the default privileges that users have. (See privileges(5).) If these keys are not set, the default privileges are taken from the inherited set. PRIV_DEFAULT determines the default set on login. PRIV_LIMIT defines the limit set on login. Users can have privileges assigned or taken away through use of user_attr(4). Privileges can also be assigned to profiles, in which case users who have those profiles can exercise the assigned privileges through pfexec(1). For maximum future compatibility, the privilege specifications should always include basic or all. Privi- leges should then be removed using negation. See EXAMPLES. By assigning privileges in this way, you avoid a situation where, following an addition of a currently unprivileged operation to the basic privilege set, a user unexpectedly does not have the privileges he needs to perform that now-privileged operation. Note that removing privileges from the limit set requires extreme care, as any set-uid root program might suddenly fail because it lacks certain privilege(s). Note also that dropping basic privileges from the default privilege set can cause unexpected failure modes in applications. LOCK_AFTER_RETRIES=YES|NO Specifies whether a local account is locked after the count of failed logins for a user equals or exceeds the allowed number of retries as defined by RETRIES in /etc/default/login. The default value for users is NO. Individual account overrides are provided by user_attr(4). CRYPT_ALGORITHMS_ALLOW Specify the algorithms that are allowed for new passwords and is enforced only in crypt_gensalt(3C). CRYPT_ALGORITHMS_DEPRECATE Specify the algorithm for new passwords that is to be deprecated. For example, to deprecate use of the tra- ditional UNIX algorithm, specify CRYPT_ALGORITHMS_DEPRECATE=__unix__ and change CRYPT_DEFAULT= to another algorithm, such as CRYPT_DEFAULT=1 for BSD and Linux MD5. CRYPT_DEFAULT Specify the default algorithm for new passwords. The Solaris default is the traditional UNIX algorithm. This is not listed in crypt.conf(4) since it is internal to libc. The reserved name __unix__ is used to refer to it. The key/value pair must appear on a single line, and the key must start the line. Lines starting with # are taken as comments and ignored. Option name comparisons are case-insensitive. Only one CRYPT_ALGORITHMS_ALLOW or CRYPT_ALGORITHMS_DEPRECATE value can be specified. Whichever is listed first in the file takes prece- dence. The algorithm specified for CRYPT_DEFAULT must either be specified for CRYPT_ALGORITHMS_ALLOW or not be specified for CRYPT_ALGO- RITHMS_DEPRECATE. If CRYPT_DEFAULT is not specified, the default is __unix__. EXAMPLES
Example 1: Defining a Key/Value Pair AUTHS_GRANTED=solaris.date Example 2: Specifying Privileges As noted above, you should specify privileges through negation, specifying all for PRIV_LIMIT and basic for PRIV_DEFAULT, then subtracting privileges, as shown below. PRIV_LIMIT=all,!sys_linkdir PRIV_DEFAULT=basic,!file_link_any The first line, above, takes away only the sys_linkdir privilege. The second line takes away only the file_link privilege. These privilege specifications will be unaffected by any future addition of privileges that might occur. FILES
/etc/user_attr Defines extended user attributes. /etc/security/auth_attr Defines authorizations. /etc/security/prof_attr Defines profiles. /etc/security/policy.conf Defines policy for the system. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
login(1), pfexec(1), chkauthattr(3SECDB), getexecuser(3SECDB), auth_attr(4), crypt.conf(4), prof_attr(4), user_attr(4), attributes(5), privileges(5) SunOS 5.10 16 Mar 2004 policy.conf(4)