06-25-2010
- Use pam_tally. man page and a quick description
- On graphical displays it depends on the dektop environment/screensaver settings, which are user-specific.
- Change the settings for pam_pwcheck (probably in the file /etc/pam.d/password) and set minlen accordingly. You can even set an option to prevent the user to reuse the last n passwords.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
how can I lock my keyboard while I'm away from the computer without using lock command. What other commands gives me the option to lock keyboard device?
thanks (7 Replies)
Discussion started by: dianayun
7 Replies
2. UNIX for Advanced & Expert Users
Hi friends,
5-6 users are using the same login in one of our Unix server.
My question is, Is it possible to lock some folder using seperate password other than login password by each user, so that that folder is not accessible to other users.
Please guide/suggest me.
Cheers~~
Ganapati.... (11 Replies)
Discussion started by: ganapati
11 Replies
3. HP-UX
Dear frnds,
how i can make the password 5chs minimum length in hp-ux 11i ? pls help
regards (3 Replies)
Discussion started by: jestinabel
3 Replies
4. HP-UX
where I can set login fail ,lock time
thanks (2 Replies)
Discussion started by: alert0919
2 Replies
5. Solaris
Dears,
I want to lock the user's account after consecutive unsuccessful login attempts, how can I do this ? (1 Reply)
Discussion started by: mlsun
1 Replies
6. SuSE
Hi ,
Can anyone give ur answer for
How to lock the account after consecutive unsuccessful login in SUSE Enterprise 10.2 Linux (1 Reply)
Discussion started by: karthik04
1 Replies
7. Solaris
Dear ALL,
I have account to access to my server. If I type wrong password or wrong username 3x times then solaris will be automatically lock this user account.
So, How to de-activated this policy..??
Best Regards
Bejo:) (2 Replies)
Discussion started by: mbah_jiman
2 Replies
8. Shell Programming and Scripting
I am trying to create a script that will take a very large, tab delimited file and then lock accounts.
File headers look like this
id desc server pass sudo lock
test Test user server01 67 no no
"Test user" is under the desc column
Basically if pass column is greater... (5 Replies)
Discussion started by: Gibby13
5 Replies
9. UNIX for Advanced & Expert Users
Hi all,
I have to test some user priviliges. The goal is to be sure that an unauthorized user can't restart some modules (ssh, mysql etc...).
I'm trying to automate it with a shell script but in same cases I got the syslog broadcast message.
Is there any way to simply get a return code... (3 Replies)
Discussion started by: Dedalus
3 Replies
10. Solaris
Hi,
Can we configure Solaris-10 and Solaris-11, which can lock any user for 15 minutes after 5 unsuccessful logins ?
I am trying to search, if it is possible but not able to find.
Regards (1 Reply)
Discussion started by: solaris_1977
1 Replies
LEARN ABOUT SUSE
pam_timestamp_check
PAM_TIMESTAMP_CHECK(8) Linux-PAM Manual PAM_TIMESTAMP_CHECK(8)
NAME
pam_timestamp_check - Check to see if the default timestamp is valid
SYNOPSIS
pam_timestamp_check [-k] [-d] [target_user]
DESCRIPTION
With no arguments pam_timestamp_check will check to see if the default timestamp is valid, or optionally remove it.
OPTIONS
-k
Instead of checking the validity of a timestamp, remove it. This is analogous to sudo's -k option.
-d
Instead of returning validity using an exit status, loop indefinitely, polling regularly and printing the status on standard output.
target_user
By default pam_timestamp_check checks or removes timestamps generated by pam_timestamp when the user authenticates as herself. When the
user authenticates as a different user, the name of the timestamp file changes to accommodate this. target_user allows to specify this
user name.
RETURN VALUES
0
The timestamp is valid.
2
The binary is not setuid root.
3
Invalid invocation.
4
User is unknown.
5
Permissions error.
6
Invalid controlling tty.
7
Timestamp is not valid.
NOTES
Users can get confused when they are not always asked for passwords when running a given program. Some users reflexively begin typing
information before noticing that it is not being asked for.
EXAMPLES
auth sufficient pam_timestamp.so verbose
auth required pam_unix.so
session required pam_unix.so
session optional pam_timestamp.so
FILES
/var/run/sudo/...
timestamp files and directories
SEE ALSO
pam_timestamp_check(8), pam.conf(5), pam.d(5), pam(8)
AUTHOR
pam_tally was written by Nalin Dahyabhai.
Linux-PAM Manual 04/01/2010 PAM_TIMESTAMP_CHECK(8)