HPE Community
Operating System - HP-UX
1833685 Members
4092 Online
110062 Solutions
New Discussion

Re: Limit login attempts without trusted system

 
SOLVED
Go to solution
jmb
Regular Advisor

‎02-18-2004 09:45 AM

‎02-18-2004 09:45 AM

Limit login attempts without trusted system

Is there a way to limit the number of times a password can fail before the account is automatically locked? I see /etc/default/security, but no way to handle that particular parameter.

Perhaps a trusted system is the only way?
0 Kudos
Reply
5 REPLIES 5
A. Clay Stephenson
Acclaimed Contributor

‎02-18-2004 09:57 AM

‎02-18-2004 09:57 AM

Solution

Re: Limit login attempts without trusted system

Unless you feel up to writing your own custom login program and a database to keep up with login attempts then Trusted is your only option. In the Old Days of UNIX, when dinosaurs roamed the Earth, it was quite common to do your own login.
If it ain't broke, I can fix that.
Reply
Sridhar Bhaskarla
Honored Contributor

‎02-18-2004 10:01 AM

‎02-18-2004 10:01 AM

Re: Limit login attempts without trusted system

Hi,

I believe you cannot enforce the account lockout on bad login attempts without converting the system to trusted. You can apply quite a few restrictions with /etc/default/security (man security for more information). But this feature is available with trusted systems.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Michael Tully
Honored Contributor

‎02-18-2004 10:02 AM

‎02-18-2004 10:02 AM

Re: Limit login attempts without trusted system

The only way is trusted. I wasn't around with the dinosaurs, but I do remember reading about these custom logins.

signed T-Rex
Anyone for a Mutiny ?
0 Kudos
Reply
jmb
Regular Advisor

‎02-18-2004 10:08 AM

‎02-18-2004 10:08 AM

Re: Limit login attempts without trusted system

OK, that's what I thought..

And on a related issue, are there any "gotchas" with converting to trusted? I've read previous threads about losing current passwords, and also keeping a couple of root sessions going until after the conversion.

Can this be convert be done on larger, older (11.0, 11i)) systems with relative ease? Any reasons to NOT do it?
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎02-18-2004 10:17 AM

‎02-18-2004 10:17 AM

Re: Limit login attempts without trusted system

Hi,

This can be done relatively easy. Make sure the following

1. encrypted password entries from /etc/passwd are not being used by anything on the system.
2. User accounts will be immediately expired. After converting the system to trusted, immediately un-expire the passwords. You can do it through either by SAM or with the command '/usr/lbin/modprdef -m exptm=0"

You may face issues with the users that have the passwords longer than 8 chars before. Ask them use only the first 8 chars until they change their passwords.

You can use the command 'tsconvert' to convert and 'tsconvert -r' to unconvert.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.