https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295458#M34284 its not happening; Any other criteria along with the /sbin/nologin?<BR /><BR /># faillog -u ftphrgl<BR />Username Failures Maximum Latest<BR />ftphrgl 6 0 Tue Oct 28 20:01:43 -0400 2008 on 147.154.162<BR /><BR />[root@adela161p pam.d]# grep account system-auth<BR />account required /lib/security//pam_unix.so<BR /><BR /> Tue, 28 Oct 2008 23:45:18 GMT skt_skt 2008-10-28T23:45:18Z https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295456#M34282 RHEL AS 2.1/3/4/5<BR /><BR />I have noticed that the LINUX user accounts are not returing an error message "account is disabled;contact your system administrator" unlike HP-UX.<BR /><BR />is there a way to get a similar message in Linux? We use pam authentication Tue, 28 Oct 2008 13:35:09 GMT https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295456#M34282 skt_skt 2008-10-28T13:35:09Z https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295457#M34283 ¿Under which circunstances do you want to get a similar message? For example, if she shell is /sbin/nologin you will get a similar message. Tue, 28 Oct 2008 17:19:12 GMT https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295457#M34283 Ivan Ferreira 2008-10-28T17:19:12Z https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295458#M34284 its not happening; Any other criteria along with the /sbin/nologin?<BR /><BR /># faillog -u ftphrgl<BR />Username Failures Maximum Latest<BR />ftphrgl 6 0 Tue Oct 28 20:01:43 -0400 2008 on 147.154.162<BR /><BR />[root@adela161p pam.d]# grep account system-auth<BR />account required /lib/security//pam_unix.so<BR /><BR /> Tue, 28 Oct 2008 23:45:18 GMT https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295458#M34284 skt_skt 2008-10-28T23:45:18Z https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295459#M34285 The "account is disabled" message will reveal to a potential intruder that the account *exists*, which can be an unacceptable information leak in high-security environments.<BR /><BR />Ideally, the intruder should not be able to tell these three cases apart:<BR />a) the account does not exist<BR />b) the account does exist, but it is locked; no password will allow entry<BR />c) the account exists and is not locked, but the intruder specified a wrong password.<BR /><BR />The information to identify these cases should certainly be available to the sysadmin, so the correct place for it is the secure system log (/var/log/secure or /var/log/auth.log in most Linux distributions).<BR /><BR />A secure way would be to add a short reminder to the end of /etc/issue or the equivalent pre-login message ("banner" in OpenSSH-style sshd configuration). Something generic like "If you have problems logging in, contact..." <BR /><BR />Of course, the accounts helpdesk, sysadmin or whoever handles the login problems should be required to always identify the users in some reliable way before unlocking any accounts. <BR /><BR />MK Wed, 29 Oct 2008 10:53:25 GMT https://community.hpe.com/t5/operating-system-linux/account-disabled-message-on-auth-failure/m-p/4295459#M34285 Matti_Kurkela 2008-10-29T10:53:25Z