Operating System - HP-UX

Re: Restricting Wrong password retry attempts

 
SOLVED
Abdul Salam H S_1
Frequent Advisor

Restricting Wrong password retry attempts


Hi,

I have an HP9000 Server. I need to implement a password security policy in such a way that, if a user enters his password wrongly, say 3 times, the account should get locked, which only the root user should be able to unlock.
Is it possible by converting my system to Trusted system? Is this option coming by default once you convert to Trusted system?


Thanks in Adv

Abdul Salam
5 REPLIES
S.K. Chan
Honored Contributor
Solution

Re: Restricting Wrong password retry attempts

Yes, you're able to do this in a trusted system. You just need to modify the policy of that user account. Using SAM is the easiest way.

a) In SAM go to "Accounts for Users & Groups"
b) Choose "Users" and select the user account from the list.
c) Go to the "Action" menu and select "Modify Security Policies".
d) Select "General User Account Policies"
e) Change the number of login attempts allowed from "Unsuccessful Login Tries Allowed". You have to choose "Custom" and then specify the number of attempts that you want to assign to that account (in your case it would be 3).
Amruth
Regular Advisor

Re: Restricting Wrong password retry attempts

Hi,

You can enable these options by changing the system to a Trusted system.

AR
If I am doing the same way you are doing to me then what is the difference between us.
T. M. Louah
Esteemed Contributor

Re: Restricting Wrong password retry attempts

HOW TO CHECK IF SYSTEM IS TRUSTED:
root:> /usr/lbin/getprpw root
System is not trusted.
The above is shown when the system is not trusted; a different display is shown if the system has been Trusted.
The system is not trusted by default; here is how to do it from the command line:
# /usr/lbin/tsconvert -c to convert to a trusted system from the command line

# /usr/lbin/tsconvert -r to unconvert to an untrusted system from the command line

Each user gets a file created under --> # ll /tcb/files/auth
......
drwxrwx--- 2 root sys 96 Apr 19 17:44 A
drwxrwx--- 2 root sys 96 Apr 19 17:44 B
drwxrwx--- 2 root sys 96 Apr 19 17:44 C
drwxrwx--- 2 root sys 96 Apr 19 17:44 D
drwxrwx--- 2 root sys 96 Apr 19 17:44 E
........
for a user called jojo it is under
drwxrwx--- 2 root sys 96 Apr 19 17:44 j
-rw-rw-r-- 1 root root 113 Apr 19 17:44 /tcb/files/auth/j/jojo

Remember PAP (a.k.a Pliz assign Points!)
Little learning is dangerous!
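
An added example, not part of the thread: a shell check that reads getprpw output for each account and reports any whose failed-login limit is not the 3 tries asked for, or that is already locked. The field names umaxlntr and lockout are an assumption about the getprpw output format; field_of, check_account and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: on a trusted system
# "getprpw <user>" prints comma-separated field=value pairs that include
# umaxlntr (failed login tries allowed, -1 = system default) and lockout
# (a string of 0/1 flags, all 0 when the account is not locked).

# Constructed sample lines, shortened; not captured from a real host.
SAMPLE_OK='uid=104, umaxlntr=3, alock=DFT, lockout=0000000'
SAMPLE_DEFAULT='uid=105, umaxlntr=-1, alock=DFT, lockout=0000000'
SAMPLE_LOCKED='uid=106, umaxlntr=3, alock=DFT, lockout=0001000'

# field_of LINE NAME: print the value of NAME from a getprpw-style line.
field_of() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2=//p" | head -n 1
}

# check_account USER LINE WANT: print findings for one account.
# Returns 0 = compliant, 1 = wrong limit or locked, 2 = cannot be checked.
check_account() {
    user=$1; line=$2; want=$3
    case $line in
        *"not trusted"*) echo "$user: system is not trusted"; return 2 ;;
    esac
    tries=$(field_of "$line" umaxlntr)
    lock=$(field_of "$line" lockout)
    if [ -z "$tries" ]; then
        echo "$user: no umaxlntr field in output"; return 2
    fi
    status=0
    if [ "$tries" != "$want" ]; then
        echo "$user: umaxlntr=$tries (want $want)"; status=1
    fi
    case $lock in
        *1*) echo "$user: locked (lockout=$lock)"; status=1 ;;
    esac
    if [ "$status" -eq 0 ]; then echo "$user: ok"; fi
    return "$status"
}

# On a real host, feed it live output for every account in /etc/passwd;
# elsewhere, run it over the constructed samples.
if [ -x /usr/lbin/getprpw ]; then
    for u in $(cut -d: -f1 /etc/passwd); do
        check_account "$u" "$(/usr/lbin/getprpw "$u" 2>&1)" 3 || :
    done
else
    for s in "$SAMPLE_OK" "$SAMPLE_DEFAULT" "$SAMPLE_LOCKED"; do
        check_account jojo "$s" 3 || :
    done
fi
```
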
Niraj Kumar Verma
Trusted Contributor

Re: Restricting Wrong password retry attempts

Here are some tips to make the
system security a bit better, even though your system is not a trusted system.

1. Password
==============================

Put these entries in /etc/default/login
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
MIN_PASSWORD_LENGTH=6
NOLOGIN=1
NUMBER_OF_LOGINS_ALLOWED=1


2. Tighten global privileges
============================
By default the CHOWN privilege is a global privilege and applies to all groups: 
$ getprivgrp
global privileges: CHOWN
Non-privileged users really don't need to be able to chown files to other users; in Linux for example, only the super-user may change the owner of a file. /sbin/init.d/set_prvgrp is executed by default at system startup and executes the command /usr/sbin/setprivgrp -f /etc/privgroup if /etc/privgroup exists. We can create a configuration file that will delete all privileges for all groups (see setprivgrp(1m)):
# getprivgrp
global privileges: CHOWN
# echo -n >/etc/privgroup
# chmod 400 /etc/privgroup
# /sbin/init.d/set_prvgrp start
# getprivgrp
global privileges:
Niraj.Verma@philips.com
Varghese Mathew
Trusted Contributor

Re: Restricting Wrong password retry attempts

Salam,

Please refer to the below mentioned link. It's very useful.

http://www.unixadm.net/howto/etc-security.html.

Cheers !!!,
Varghese Mathew
Cheers !!!