shameemsoft
Frequent Advisor

Lock account after 5 unsuccessful login in HPUNIX 11.31

Hello,

We tried to configure locking of the account after 5 unsuccessful logins in HPUNIX 11.31.

We configured AUTH_MAXTRIES=5 in /etc/default/security. But it is not working.

Then we found a solution at the link below. They specified ldap in the /etc/pam.conf file. But we are not using ldap.

http://bizsupport1.austin.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=4164814&prodTypeId=18964&objectID=c02538590&printver=true

How can we resolve this issue? Kindly help me with this.

Regards

Shameem


-------------------------------

P.S. This Thread has been moved from Servers --> General to HP-UX --> Security - Forum Moderator

shameemsoft
Frequent Advisor

Re: Lock account after 5 unsuccessful login in HPUNIX 11.31

Hello,

I forgot to add one more point. It is a non-trusted system and we are using the /etc/shadow file.

Regards

Shameem

shameemsoft
Frequent Advisor

Re: Lock account after 5 unsuccessful login in HPUNIX 11.31

Hi,

Can anyone help me to resolve this issue?


Arockiasamy K
Frequent Advisor

Re: Lock account after 5 unsuccessful login in HPUNIX 11.31

Hi,

Please visit the following thread.

http://h30499.www3.hp.com/t5/System-Administration/account-locking-untrusted-system/td-p/4943305

In LDAP configuration, account locking will be maintained from the LDAP Server.

That configuration is for the LDAP server. You can get the benefits by making the system a trusted one.

Regards,
Arockiasamy K
SridharBandi
New Member

Re: Lock account after 5 unsuccessful login in HPUNIX 11.31

Hi Shameem,

Setting AUTH_MAXTRIES=5 in the /etc/default/security file should help, but pam_hpsec should have been set in /etc/pam.conf for the application that you are using to log in. Note that the pam_hpsec module is the one that does access control checking on HP-UX.

Kindly provide the application that you are using for login; it would also help if you share the corresponding /etc/pam.conf entry for that application.


Regards,

Bandi
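
An added example, not part of the reply above and not HP code: a POSIX shell audit of the two settings this thread discusses, reporting the effective AUTH_MAXTRIES value and any service whose auth stack never references pam_hpsec. The function names, the sample file contents, and the choice to check only the `auth` module type are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit AUTH_MAXTRIES and pam_hpsec coverage on copies of the
# two files named in the thread. All sample contents below are constructed.

# Print the effective AUTH_MAXTRIES value. Commented-out lines are ignored;
# treating the last assignment as the effective one is an assumption.
auth_maxtries() {
    awk -F= '/^[ \t]*AUTH_MAXTRIES[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { if (v != "") print v }' "$1"
}

# Print each service that has auth entries in a pam.conf-style file
# (service, type, control flag, module) but none referencing pam_hpsec.
services_missing_hpsec() {
    awk '/^[ \t]*#/ || NF < 4 { next }
         tolower($2) == "auth" {
             seen[$1] = 1
             if ($4 ~ /pam_hpsec/) ok[$1] = 1
         }
         END { for (s in seen) if (!(s in ok)) print s }' "$1" | sort
}

# Constructed sample files (not taken from any real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/security" <<'EOF'
# /etc/default/security (constructed sample)
#AUTH_MAXTRIES=3
AUTH_MAXTRIES=5
EOF
cat > "$SAMPLE_DIR/pam.conf" <<'EOF'
# service  type  control  module (constructed sample)
login  auth     required  libpam_hpsec.so.1
login  auth     required  libpam_unix.so.1
sshd   auth     required  libpam_unix.so.1
sshd   account  required  libpam_hpsec.so.1
EOF

echo "AUTH_MAXTRIES=$(auth_maxtries "$SAMPLE_DIR/security")"
echo "auth stacks without pam_hpsec: $(services_missing_hpsec "$SAMPLE_DIR/pam.conf")"
```

On a real host, point both functions at copies of /etc/default/security and /etc/pam.conf; a service listed by the second function is one where the threshold may not be enforced for that login path.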

DeepakKulkarni
Occasional Visitor

Re: Lock account after 5 unsuccessful login in HPUNIX 11.31

Hi Shameem,

We do not need to have LDAP to lock the account after N number of unsuccessful retries. Setting AUTH_MAXTRIES in /etc/default/security will lock the account as desired.

According to the man page, an account is locked after N+1 consecutive authentication failures. When I tested, the account got locked after 3 times when AUTH_MAXTRIES is set to 2.

Do you see that the account was not locked after 6 unsuccessful attempts (with AUTH_MAXTRIES=5)?

If you are still facing the issue, could you share the login application and the /etc/pam.conf files to investigate further?

Regards

Deepak