- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Account Lockout after max tries
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-30-2016 07:22 AM
тАО06-30-2016 07:22 AM
Account Lockout after max tries
Hello all,
I am auditing several HP-UX systems, some newer 11i and couple older 11.x. Question is that on the 11 i servers I find a /etc/default/security file to locate the Auth_maxtries for failed logins. However on the 11.x servers the /etc/default/security file does not exist. None of the systems are trusted or using pam according to admins. Is there another file which can control the failed logn maximum on either the 11.x server or the 11i servers?
Thank you in advance for assistance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-30-2016 08:35 PM
тАО06-30-2016 08:35 PM
Re: Account Lockout after max tries
> [...] some newer 11i and couple older 11.x.
"11i" is "11.x". Actual output from "uname -a" might be more helpful
than your interpretation of the version(s).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-30-2016 08:46 PM
тАО06-30-2016 08:46 PM
Re: Account Lockout after max tries
The marketing terms 11i and 11.x are not meaningful. There are specific HP-UX releases which are summarized here:
https://en.wikipedia.org/wiki/HP-UX
There are, unfortunately, several different security choices for HP-UX systems with no consistent method to determine features and settings. A basic HP-UX install is loosely called standard security and there is no retry limit or lockout due to bad passwords. The HP-UX system may be converted to a trusted system (Trusted Computing Base or TCB) which has the largest number of choices for authentication and password controls. The system might have the Shadow Password package installed or might have SMSE (Standard Mode Security Extension) installed.
TCB, Shadow and SMSE do have controls for retry lockout but there are different commands needed to query the setting. While the /etc/default/security file may or may not exist, lack of a common query tool (and validation of settings) makes this file very unreliable. A simple spelling error in the security file will cause the setting to be ignored and the default for the security method to be (silently) ignored. Or the security file could be copied from another system. But the file itself will not change the security environment.
So here is how to identify the 4 security environments:
TCB: has the directory /tcb
Shadow: has the file /etc/shadow
SMSE: userdbget -a
If none of the above work, then the system is Standard security. No lockout due to incorrect passwords.
Bill Hassell, sysadmin