[olug] Locked out of OLUG SquirrelMail

Brian Roberson roberson at olug.org
Tue Jan 14 20:14:46 UTC 2003


It all depends on the distro. Check out /etc/login.defs; it's all in your
"shadow" package. For example, I have defined:


# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   60
PASS_MIN_DAYS   10
PASS_MIN_LEN    5
PASS_WARN_AGE   10




in /etc/login.defs, where my "useradd" command DOES inherit these options.



Expiry after x failed attempts is also performed by your "shadow" package,
specifically your login technique. You can use "faillog -m" to set the max
number of failed attempts*****

*****caveat: ssh had a fairly large security hole when used in conjunction
with "login", so by default on most recent distros "login" sshd support is
disabled.









----- Original Message -----
From: "Christopher Cashell" <topher at zyp.org>
To: <olug at olug.org>
Sent: Tuesday, January 14, 2003 2:38 AM
Subject: Re: [olug] Locked out of OLUG SquirrelMail


> At Tue, 14 Jan 03, Unidentified Flying Banana Brian Wiese, said:
>
> [Snip: User account info.]
>
> > is this password expiry date setup in your useradd script, or is there
> > some overall system process that setups and enforces user password
> > changes?
>
> I think the command you're looking for is chage.  See the man page for
> chage for more information on password aging.
>
> I don't know of any user add script that has inherent support for this,
> though it shouldn't be too difficult to write a little script for it.
>
> > Another question that has been bugging me today... is there a way to set a
> > threshold on failed login attempts in GNU/Linux.. i.e, after 3
> > unsuccessful logins - the account is locked permanently, or perhaps for 5
> > hours?  Does PAM do stuff like this?
>
> In this case, I think the command you're looking for is faillog.  See
> the man page for faillog for more information on limiting login failures.
>
> I don't think it's directly available from PAM, but I've never looked
> into it all that closely, so I could be wrong.
>
> If the man pages don't provide what you're looking for, let us know. ;-)
>
> >   Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
>
> --
> | Christopher
> +------------------------------------------------+
> | A: No.                                         |
> | Q: Should I include quotations after my reply? |
> +------------------------------------------------+
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
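
Added example, not part of the original thread: the aging values in /etc/login.defs are applied when an account is created, so accounts that already exist keep whatever is stored in /etc/shadow until chage updates them. The sketch below compares shadow entries against the login.defs values quoted in the post and prints the chage command that would align each drifting account; the function names and the shadow entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data: the login.defs values are the ones quoted in the
# post; the shadow entries are made up for illustration.
SAMPLE_DEFS='# Password aging controls
PASS_MAX_DAYS   60
PASS_MIN_DAYS   10
PASS_MIN_LEN    5
PASS_WARN_AGE   10'
SAMPLE_SHADOW='alice:$6$constructed$hash:12000:10:60:10:::
bob:$6$constructed$hash:11900:0:99999:7:::
carol:$6$constructed$hash:11950:10:60:7:::
daemon:*:11800:0:99999:7:::
dave:!$6$constructed$hash:11990:0:99999:7:::'

# defs_value TEXT KEY -> value of the last uncommented KEY line in login.defs text
defs_value() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# aging_drift DEFS_TEXT SHADOW_TEXT -> one chage command per account with a
# usable password whose min/max/warn fields differ from the login.defs values.
# Shadow fields: 1=name 2=hash 3=last change 4=min 5=max 6=warn
aging_drift() {
    min=$(defs_value "$1" PASS_MIN_DAYS)
    max=$(defs_value "$1" PASS_MAX_DAYS)
    warn=$(defs_value "$1" PASS_WARN_AGE)
    printf '%s\n' "$2" | awk -F: -v min="$min" -v max="$max" -v warn="$warn" '
        $2 ~ /^[!*]/ { next }     # skip locked and system accounts
        $4 != min || $5 != max || $6 != warn {
            printf "chage -m %s -M %s -W %s %s\n", min, max, warn, $1
        }'
}

# Report drift in the constructed sample; on a real host, pass the contents
# of /etc/login.defs and /etc/shadow instead (reading shadow requires root).
aging_drift "$SAMPLE_DEFS" "$SAMPLE_SHADOW"
```

The script only prints the commands; review the list before running any of them as root.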



