System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

adding parameter u_numunsuclog...

SR Rao
Advisor

adding parameter u_numunsuclog...

Hi,

The parameter "u_numunsuclog", keeps a count of the consecutive unsuccessful logins. I have added it in the /etc/auth/system/default as :u_numunsuclog@:chkenvt:

I believe that upon enabling this parameter(which I assume, I have enabled) the system will display a message which would inform the number of unsuccessful login attempts. But just adding the parameter to the /etc/auth/system/default didnt show any message during login.

Do I have to add it to in each users edauth entry, if so how do we do it? I tried this:

edauth -g | sed 's/:chkent:/:u_numunsuclog@:chkent:/' | edauth -s

But doing this, throws a message saying " Edit to entry "" made no changes "

How do we add a new parameter for a user and also how do we change an existing parameter?

Greetings.
3 REPLIES
Ivan Ferreira
Honored Contributor

Re: adding parameter u_numunsuclog...

I think that the parameter you need to obtain with edauth is u_flogins.

Also, remember that adding an @ to the option means that that option is set to false. I didn't find the option you specified in the man page or the security manual.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
SR Rao
Advisor

Re: adding parameter u_numunsuclog...

Thank you Ivan,

But I am looking for this parameter and functionality in TRU64 4.0D and 4.0F versions. Sorry for not mentioning it earlier.

Ta.
Ann Majeske
Honored Contributor

Re: adding parameter u_numunsuclog...

u_numunsuclog is a numeric counter, not a boolean, so u_numunsuclog@ is incorrect syntax. u_numunsuclog is incremented automatically by the system for each user, so it should NOT be set in the default database, nor should you try to set or modify it in each user's individual Enhanced Security profile.

If you are not seeing u_numunsuclog incremented in each user's Enhanced Security database entry I can think of a couple possibilities:
1) You don't have Enhanced Security enabled on the system
2) The version you are running supports the d_skip_fail_login_log entry in the default file and you have this entry defined in the default file

Check the Security manual and the "prpasswd" and "default" man pages for the version you are running for more details.