- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Locking Out Users After Failed Logins--Not A T...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 05:58 AM
04-18-2007 05:58 AM
Locking Out Users After Failed Logins--Not A Trusted System
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 06:07 AM
04-18-2007 06:07 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 06:25 AM
04-18-2007 06:25 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 06:28 AM
04-18-2007 06:28 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
Admin guide at. :
http://docs.hp.com/en/B2355-90121/B2355-90121.pdf
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 06:29 AM
04-18-2007 06:29 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
If you are on HP-UX 11.11 you could take a look at Shadow passwords:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword
But if your app won't support trusted, then the chances are probably slim that it will support shadow.
You must face the fact that the base authentication does not support locking out users after X invalid logins.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 06:35 AM
04-18-2007 06:35 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
Even if you do create custom login programs which can lockout an account, you still have an almost unsurmountable obstacle to overcome in that the password hashes are visible and thus vulnerable to a guessing attack.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 06:41 AM
04-18-2007 06:41 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
Just so you'll know, our application software has been ported from TI-990, TI-1500, & HP-9000 to the Itanium. I don't know what problems may be encountered with some of our ftp scripts and file permissions. And, yes, the shadow password file has been implemented with no problems (so far).
I have contacted our software vendor to see if there are any hidden problems that I haven't thought of (or imagined).
Thanks again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2007 06:50 AM
04-18-2007 06:50 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2007 12:16 AM
04-19-2007 12:16 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
But, after some more research, it seems like we could use SMSE to do this. I know it's a stupid question, but can we really use SMSE running B.11.23 & is there a down side?
Thanks.
- Tags:
- SMSE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2007 01:30 AM
04-24-2007 01:30 AM
Re: Locking Out Users After Failed Logins--Not A Trusted System
Not a stupid question at all. Standard Mode Security Extensions (SMSE) is brand new with 11.23:
docs.hp.com/en/5991-8678/ch06s01.html
And you'll want to look at this:
docs.hp.com/en/5991-1125/ch01s03.html
Since SMSE is relatively new (and many poorly written programs still can't handle a Trusted system even after 10 years...), the only way to know about problems is to try it -- and at the same time, ask the vendor. If the vendor never heard about SMSE, I would be suspicious about success.
SMSE was created to bridge the gap between barebones unTrusted systems and a full TCB (Trusted Computing Base) by providing the elements of a Shadow Password system, yet (by using PAM and a more compatible security database) providing a much more secure environment.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2007 05:32 AM
04-24-2007 05:32 AM