HPE Community
Operating System - HP-UX
1848741 Members
10594 Online
104036 Solutions
New Discussion

How to lock the account in HP ux 11.2

 
sanjay.kumar
Occasional Advisor

‎06-08-2009 09:41 PM

‎06-08-2009 09:41 PM

How to lock the account in HP ux 11.2

Hi all

I want to lock an account. if the user was not able to put the right password in 3 attempt.
After 3 attempt the user account should have to lock and can open by root user only...

Is this possible in HPUX 11.2
0 Kudos
Reply
10 REPLIES 10
Nido
Trusted Contributor

‎06-08-2009 10:00 PM

‎06-08-2009 10:00 PM

Re: How to lock the account in HP ux 11.2

Hello Sanjay,

You need HP-UX Standard Mode Security Extensions, You're good to go with HPUX 11iv2.

Please check below URL:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt

One of the features of HP-UX Standard Mode Security Extensions : Account locking after too many authentication failures occur

Cheers!!
" Let Villagers Be Happy!! "
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎06-08-2009 10:07 PM

‎06-08-2009 10:07 PM

Re: How to lock the account in HP ux 11.2

add on,

From the man security(4)

AUTH_MAXTRIES

This attribute controls whether an account is locked after too many consecutive authentication failures. It does not apply to trusted systems, and it applies to standard systems only if the TrustedMigration product is installed. This attribute is supported in configurations consisting only of local users and/or NIS remote users. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). This feature requires that the pam_hpsec module is configured in /etc/pam.conf. See pam_hpsec(5). When an account has been locked due to too many authentication failures, root can unlock the account by su'ing to the account or by this command:

userdbset -d -u username auth_failures

AUTH_MAXTRIES=0 Any number of authentication retries is allowed.

Regards,
Robert-Jan
0 Kudos
Reply
Ganesan R
Honored Contributor

‎06-08-2009 10:12 PM

‎06-08-2009 10:12 PM

Re: How to lock the account in HP ux 11.2

Hi,

If the system is trusted one, you can configure this.

SAM->select the particular user -> goto security options -> There you can set unsuccessful login tries allowed to 3
Best wishes,

Ganesh.
0 Kudos
Reply
Sajjad Sahir
Honored Contributor

‎06-08-2009 10:29 PM

‎06-08-2009 10:29 PM

Re: How to lock the account in HP ux 11.2



Dear Sanjay

please clear u system is trusted or non-trusted.
if it is trusted u can use to do configure this one
see Ganeshan posting how to do through sam

once user account is locked due to three failed attempts, root can enable the user accout by using modprpw -k root(if it is trusted system)


thanks and regards

sajjad sahir
0 Kudos
Reply
Sajjad Sahir
Honored Contributor

‎06-08-2009 10:30 PM

‎06-08-2009 10:30 PM

Re: How to lock the account in HP ux 11.2

sorry sanjay

modprpw -k userid, unfortunately i typed root instead of userid in previous thread

thanks and regards

Sajjad Sahir
0 Kudos
Reply
sanjay.kumar
Occasional Advisor

‎06-08-2009 10:36 PM

‎06-08-2009 10:36 PM

Re: How to lock the account in HP ux 11.2

HI currently all the servers are not trusted mode
0 Kudos
Reply
Suraj K Sankari
Honored Contributor

‎06-08-2009 10:52 PM

‎06-08-2009 10:52 PM

Re: How to lock the account in HP ux 11.2

HI,
Then you can't do this, frist convert your system into trusted system.

See what you can do if your system is trusted

When a trusted system is implemented, the encrypted password are removed from the /etc/passwd file and
placed in a series of files that are readable only by root. Further security features are
â ¢ protected password database
â ¢ enhanced login configuration
â ¢ auditing
â ¢ terminal restrictions
â ¢ serial port restrictions
â ¢ access time restrictions
â ¢ password generation
â ¢ password aging


Suraj
0 Kudos
Reply
Nido
Trusted Contributor

‎06-08-2009 10:55 PM

‎06-08-2009 10:55 PM

Re: How to lock the account in HP ux 11.2

Hello Sanjay,

Have a look on the documents below: Your system need not have to be in Trusted Mode.

http://docs.hp.com/en/5991-8711/5991-8711.pdf

Cheers!!
" Let Villagers Be Happy!! "
0 Kudos
Reply
Sajjad Sahir
Honored Contributor

‎06-09-2009 12:07 AM

‎06-09-2009 12:07 AM

Re: How to lock the account in HP ux 11.2

Dear Sanjay

u can convert u system in to trusted if u need u can set up trusted system

the following link will help u

http://docs.hp.com/en/B2355-90950/ch08s08.html

thanks and regards

Sajjad Sahir
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎06-09-2009 02:59 AM

‎06-09-2009 02:59 AM

Re: How to lock the account in HP ux 11.2

Guys,

Trusted mode, also known as trusted systems, will be deprecated in HP-UX 11i v3 (11.31), and will not be supported after the HP-UX 11i v3 scheduled release of the second half of 2006. This could affect any program that links with libsec and any program that is used for administration of a trusted system.

http://h21007.www2.hp.com/portal/site/dspp/menuitem.863c3e4cbcdc3f3515b49c108973a801?ciid=8108f44064f02110f44064f02110275d6e10RCRD

HP-UX Standard Mode Security Extensions is the new security product from HP for HPUX.

Regards,
Robert-Jan
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.