I am using AIx 4.3.3 and was wondering what the command was to keep users from logging in. I want to be able to do maintenance and keep the users out. Can anyone help? (7 Replies)
Hi, I am extremely new to UNIX and was recently promoted to administer the system for a small company. Anyhow, the time came for passwords to change, and I made the huge mistake of entering in the command (as root)
passwd -l
After logging out (oblivious to what would happen next), the root... (4 Replies)
Hi,
We are using 4.3.3.0 and I would like to make a global change to the "number of failed logins before user account is locked"
Any ideas, other than using SMIT one user at a time.... ???
Thanks... Craig. (2 Replies)
I want to know if there is any easy way of stopping 1 user from using su? perferabily any su but I can make do with not allow him to su to root but allow other user to su to root. (3 Replies)
What is the best way to implement account lockout in openldap? I have an openldap server with Ubuntu desktop client connecting to it for authentication. I want he accounts to locked out after say 5 failed authentication attempts
I have enabled ppolicy layout in slapd.conf.
overlay ppolicy... (0 Replies)
On a redhat linux 4 server, how to find if there is an account lockout duration is set. Is it configured under pam or /etc/shadow? what entries I need to find out? Is it pam_time.so module?
I desperately need an answer because on one of the servers, no one was able to login through any account... (4 Replies)
Hi,
i have the following config in the system-auth files
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required ... (2 Replies)
having account lockout issues with an RHEL 5 server. My users are getting locked out for 10 minutes after one failed login attempt even though /etc/pam.d/sshd is configured for 5 failed attempts:
auth include system-auth
auth required pam_tally2.so deny=5 onerr=fail... (1 Reply)
Greetings,
I work with a Solaris Sun Server V240 system (GCCS) and have run into a problem where I can't seem to unlock my SECMAN account at the NON-GLOBAL level. I have access to all global accounts to include sysadmin and secman. I have access to the non-global sysadmin account and root... (4 Replies)
Good day. I have setup hardening the password (test system so far) prior to doing any work on production. Here is what I have set.
Snippet from /etc/pam.d/system-auth
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so... (3 Replies)
Discussion started by: smurphy_it
3 Replies
LEARN ABOUT CENTOS
lchage
lchage(1) General Commands Manual lchage(1)NAME
lchage - Display or change user password policy
SYNOPSIS
lchage [OPTION]... user
DESCRIPTION
Displays or allows changing password policy of user.
OPTIONS -d, --date=days
Set the date of last password change to days after Jan 1 1970.
Set days to -1 to disable password expiration (i.e. to ignore --mindays, and --maxdays and related settings).
Set days to 0 to enforce password change on next login. (This also disables password expiration until the password is changed.)
-E, --expire=days
Set the account expiration date to days after Jan 1 1970. Set days to -1 to disable account expiration.
-i, --interactive
Ask all questions when connecting to the user database, even if default answers are set up in libuser configuration.
-I, --inactive=days
Disable the account after days after password expires (after the user is required to change the password). Set days to -1 to keep
the account enabled indefinitely after password expiration.
-l, --list
Only list current user's policy and make no changes.
-m, --mindays=days
Require at least days days between password changes. Set days to 0 or -1 to disable this requirement.
If this value is larger than the value set by --maxdays, the user cannot change the pasword.
-M, --maxdays=days
Require changing the password after days since last password change. Set days to -1 to disable password expiration.
-W, --warndays=days
Start warning the user days before password expires (before the user is required to change the password). Set days to 0 or -1 to
disable the warning.
EXIT STATUS
The exit status is 0 on success, nonzero on error.
NOTES
Note that "account expiration" (set by --expire) is distinct from "password expiration" (set by --maxdays). Account expiration happens on
a fixed date regardless of password changes. Password expiration is relative to the date of last password change.
libuser Nov 8 2012 lchage(1)