HPE Community
Operating System - HP-UX
1762908 Members
2005 Online
108909 Solutions
New Discussion юеВ

Re: How to stop user account from getting locked out

 
Santhosh.H
Frequent Advisor

тАО01-23-2002 08:15 AM

тАО01-23-2002 08:15 AM

How to stop user account from getting locked out

root user gets locked how to prevent
Be a true Professional
0 Kudos
Reply
8 REPLIES 8
someone_4
Honored Contributor

тАО01-23-2002 08:19 AM

тАО01-23-2002 08:19 AM

Re: How to stop user account from getting locked out

You talking about locking up on failed log ins?
In sam .. users and groups .. then choose root. .. Then go to Modify Security Policies.. ->
General User Account Policies
-> Unsuccessful Login Tries Allowed: and make that a very high number. Now I think this is only on a trusted system. But I am not sure. .. can someone clear that up for me?

Richard
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

тАО01-23-2002 08:20 AM

тАО01-23-2002 08:20 AM

Re: How to stop user account from getting locked out

go into sam --> acounts for users and groups --> users

Highlight root entry and go to actions --> Modify user security policies.

There will be a password aging policy block. go into that and set it to disabled.

Have a good day

Chris
It wasn't me!!!!
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО01-23-2002 08:23 AM

тАО01-23-2002 08:23 AM

Re: How to stop user account from getting locked out

Santosh,

It depends on the security policies of your trusted system. Use SAM to change the "unsuccessful Login Tries" field.

SAM -> Accounts for Users and Groups -> Users -> root -> modify security policies (Actions menu) -> General User account policies -> Unsuccessful Login Tries allowed

You can select customize and specify whatever the number of tries you want.

To make it across the board, you would go to SAM-> Auditing and Security -> System Security policies ->
General Account policies

Specify a customized value for Unsuccessful Login tries.

But you wouldn't want to make it across the board.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО01-23-2002 08:24 AM

тАО01-23-2002 08:24 AM

Re: How to stop user account from getting locked out

I assume this is a trusted system and root is getting locked out due to too many bad passwords entered.

Go into Sam

Go to Accounts for Users and Groups

Go to Users

Scroll down until you see root and select it.

Go to the Actions menu and select 'Modify users security policies'

Then select 'General Users account Policies'

Then go to 'Unsuccessful login tries allowed' Select 'Customize' from the drop down menu and put in the # that you want. I usually use 99.


Hope this helps.
0 Kudos
Reply
Santhosh.H
Frequent Advisor

тАО01-23-2002 08:39 AM

тАО01-23-2002 08:39 AM

Re: How to stop user account from getting locked out

cant we make it infinite i.e any number of attempts if yes how?
Be a true Professional
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

тАО01-23-2002 08:42 AM

тАО01-23-2002 08:42 AM

Re: How to stop user account from getting locked out

Not through sam ... it's a 2 digit field. If there is another way, I'm not aware (ie. usermod).


Chris
It wasn't me!!!!
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

тАО01-23-2002 08:46 AM

тАО01-23-2002 08:46 AM

Re: How to stop user account from getting locked out

No option through usermod, according to man pages... side note, 99 tries should never be in danger of being reached. You should be safe with this number.

Chris
It wasn't me!!!!
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

тАО01-23-2002 08:59 AM

тАО01-23-2002 08:59 AM

Re: How to stop user account from getting locked out

I solved this problem by just stopping people to try to connect as root:
Force them to su!
Only allow root connection from the console, and create a second root account under another name for yourself (sysadm?) by creating the /etc/securetty file which contains the word console
Then to be sure you dont alway need to su root yourself, give yourself all privileges in restricted sam (=> sam -r)

Its not a good idea to allow more then 9 attempts for root in case there is really a hacker around just be sure you know how to reactivate the account by having a second account ready...
I also log who su-ed root in a file (name-tty-ip.address)...

Good luck
Victor
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.