HPE Community
Operating System - HP-UX
1833056 Members
2484 Online
110049 Solutions
New Discussion

locking user account after 3 failed attempts

 
Gea Geerts
Advisor

‎09-12-2005 02:49 AM

‎09-12-2005 02:49 AM

locking user account after 3 failed attempts

Hi,

Got a question for you all.

We like to lock user accounts after
three failed attempts to logon.
To convert from a untrusted system to a trusted system is a big risk for our core business applications. So if there's another way ..

We're on hp-ux 11i.

Thanks

Gea


0 Kudos
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎09-12-2005 02:56 AM

‎09-12-2005 02:56 AM

Re: locking user account after 3 failed attempts

You can write a script that processs the btmp file

lastb

That ouput includes user names.

You can do this.

lastb | sort -u > list


while read -r username

badtry=$(lastb | grep -i $username | wc -l)
if [ $badtry -ge 3 ]
then
# passwd -l $username
fi
done < list

Run it as often as you want via cron.

Trusted system is better, but an iteration of the above code will work.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Rick Garland
Honored Contributor

‎09-12-2005 03:23 AM

‎09-12-2005 03:23 AM

Re: locking user account after 3 failed attempts

Going to a trusted system is going to be much better and much easier.

SEP has a good idea but on a trusted system this count starts over again if there is a successful login.

In other words, I have 2 failed attempts to login. I succeed on 3rd try. On trusted system this count starts over again.

To work with the lastb file, if there is a successful login within 3 unsuccessful attempts, do not lock the account. Look for 3 unsuccessful attempts in a row.
0 Kudos
SGUX
Valued Contributor

‎09-13-2005 12:01 AM

‎09-13-2005 12:01 AM

Re: locking user account after 3 failed attempts

I agree with Rick. Going to trusted would be the easiest. You can set the amount of login-attempts and other security-settings system-wide and change this if you like per account.

the command /usr/lbin/modprpw -l -k "account" can help you getting back your password after going to trusted (which is quit simple)
0 Kudos
Gea Geerts
Advisor

‎10-26-2005 08:21 PM

‎10-26-2005 08:21 PM

Re: locking user account after 3 failed attempts

Thank you all. We decided to leave it as it is now for the moment.
0 Kudos
Gea Geerts
Advisor

‎10-26-2005 08:34 PM

‎10-26-2005 08:34 PM

Re: locking user account after 3 failed attempts

We'll start a project next year to go from untrusted to trusted .
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.