01-18-2012
Account Lockout on Redhat
On a redhat linux 4 server, how to find if there is an account lockout duration is set. Is it configured under pam or /etc/shadow? what entries I need to find out? Is it pam_time.so module?
I desperately need an answer because on one of the servers, no one was able to login through any account (not from ssh or through console), and repeated reboots didn't help either and just when everybody was about to give up, suddenly everyone was able to log in.
What could it be, please recommend.
Regards
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I am using AIx 4.3.3 and was wondering what the command was to keep users from logging in. I want to be able to do maintenance and keep the users out. Can anyone help? (7 Replies)
Discussion started by: cgillett
7 Replies
2. UNIX for Dummies Questions & Answers
Hi, I am extremely new to UNIX and was recently promoted to administer the system for a small company. Anyhow, the time came for passwords to change, and I made the huge mistake of entering in the command (as root)
passwd -l
After logging out (oblivious to what would happen next), the root... (4 Replies)
Discussion started by: newbieadmin
4 Replies
3. AIX
Hi,
We are using 4.3.3.0 and I would like to make a global change to the "number of failed logins before user account is locked"
Any ideas, other than using SMIT one user at a time.... ???
Thanks... Craig. (2 Replies)
Discussion started by: stumpy
2 Replies
4. AIX
I want to know if there is any easy way of stopping 1 user from using su? perferabily any su but I can make do with not allow him to su to root but allow other user to su to root. (3 Replies)
Discussion started by: daveisme
3 Replies
5. Red Hat
Hi all;
I m using Red Hat Enterprise Linux Server release 5.1 (Tikanga) and I'm trying to setup password lockout policy so that a user account locks out after 3 failed attempts.
Here are the entires of my /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes... (1 Reply)
Discussion started by: maverick_here
1 Replies
6. UNIX and Linux Applications
What is the best way to implement account lockout in openldap? I have an openldap server with Ubuntu desktop client connecting to it for authentication. I want he accounts to locked out after say 5 failed authentication attempts
I have enabled ppolicy layout in slapd.conf.
overlay ppolicy... (0 Replies)
Discussion started by: nitin09
0 Replies
7. Red Hat
having account lockout issues with an RHEL 5 server. My users are getting locked out for 10 minutes after one failed login attempt even though /etc/pam.d/sshd is configured for 5 failed attempts:
auth include system-auth
auth required pam_tally2.so deny=5 onerr=fail... (1 Reply)
Discussion started by: nerdalert
1 Replies
8. Solaris
Greetings,
I work with a Solaris Sun Server V240 system (GCCS) and have run into a problem where I can't seem to unlock my SECMAN account at the NON-GLOBAL level. I have access to all global accounts to include sysadmin and secman. I have access to the non-global sysadmin account and root... (4 Replies)
Discussion started by: TLAMGUY
4 Replies
9. Red Hat
Good day. I have setup hardening the password (test system so far) prior to doing any work on production. Here is what I have set.
Snippet from /etc/pam.d/system-auth
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so... (3 Replies)
Discussion started by: smurphy_it
3 Replies
pwconv(8) System Manager's Manual pwconv(8)
NAME
pwconv - convert to shadow account
SYNOPSIS
pwconv [-P path]
DESCRIPTION
pwconv installs and updates /etc/shadow with information from /etc/passwd. It relies on the special password 'x' in the password field of
the account. This value indicates that the password for the user is already in /etc/shadow and should not be modified.
If /etc/shadow does not exist, pwconv creates this file, moves the user password to it and creates default aging informations with the help
of the values of PASS_MIN_DAYS, PASS_MAX_DAYS and PASS_WARN_AGE from /etc/login.defs. The password field in /etc/passwd is replaced with
the special character 'x'.
If the /etc/shadow does exist, entries that are in the /etc/passwd file and not in the /etc/shadow file are added to the /etc/shadow file.
Accounts, which only exist in /etc/passwd, are added to /etc/shadow. Entries that are in /etc/shadow and not in /etc/passwd are removed
from /etc/shadow. All passwords from /etc/passwd are moved to /etc/shadow and replaced with the special character 'x'.
pwconv can be used for initial conversion and for updates later.
OPTIONS
-P, --path path
The passwd and shadow files are located below the specified directory path. pwconv will use this files, not /etc/passwd and
/etc/shadow.
FILES
passwd - user account information
shadow - shadow user account information
SEE ALSO
passwd(1), login.defs(5), passwd(5), shadow(5), pwck(8), pwunconv(8)
AUTHOR
Thorsten Kukuk <kukuk@suse.de>
pwdutils January 2004 pwconv(8)