Solaris

Hello;
I am moving a customer from Solaris 2.6 to Solaris 2.8. The customer has requested the following two requirements also be implemented:
1. Lock a user account out for X number of days after 3 unsuccessful login attempts.
2. No reuse of the last 5-10 passwords. Also referred to as password history.

Solaris 8 does not natively support these.
I have read up on epasswd and npasswd they do not meet these requirements either. Any suggestions and all help will be appreciated.

Regards - Mark

Solaris depends on PAM modules to make the login process more robust. There are some free PAM modules that do do what you are describing.

PAM_login_limit - locks an account after a number of incorect login attempts.
PAM_remote_hosts - provides TCP wrappers style control, but at the PAM level, so we also have control on user/host/service.
PAM_login_times - provides control over login times for users. Configurable on a 15 minute interval.
PAM_chroot - allows any account to be chrooted.
PAM_history - allows password reuse to be controlled over multiple password changes.
PAM_null - diagnostic and tracing module.

You can find the module source and binaries at Computer Smiths

Now the cautionary note. Using PAM third-party modules can introduce additional risk to any system.

Cheers,

Keith Duffin