HPE Community
Operating System - HP-UX
1829752 Members
1769 Online
109992 Solutions
New Discussion

Trusted system misbehavior?

 
SOLVED
Go to solution
Matt Hearn
Regular Advisor

‎02-07-2006 07:24 AM

‎02-07-2006 07:24 AM

Trusted system misbehavior?

Hi all! We have a couple of systems here on which I set the number of incorrect logins to basically be unlimited (or so I believe):

modprdef umaxlntr=999

Nevertheless, users are getting locked out for trying too many times with the wrong password. The customer, as a result, is very frustrated; they have scripts with passwords hardcoded into them (that date from the 15th century BC, and they simply refuse to change things) that can't access the system when the accounts lock.

I realize that the security implications of all this are abominable, but I need to figure out how to definitively turn off "locking the account after so many bad logins." Is there a way to do this? Have I just screwed it up?

Thanks!
0 Kudos
Reply
4 REPLIES 4
Jeff_Traigle
Honored Contributor

‎02-07-2006 07:32 AM

‎02-07-2006 07:32 AM

Solution

Re: Trusted system misbehavior?

If they run automated scripts, they could hit 999 in no time. Setting the value to 0 makes it infinite. See modprpw(1M). I think I would use modprpw for the individual accounts instead of making it a system-wide default though.
--
Jeff Traigle
Reply
Mark Nieuwboer
Esteemed Contributor

‎02-07-2006 07:41 AM

‎02-07-2006 07:41 AM

Re: Trusted system misbehavior?

Hi Matt,

Sorry to say but how can the give the wrong password if it's hardcoded in the scripts.
If it's going wrong they are to blame.
Also make sure the are responsible if there is a security issue. Now you are hold responsible for the security but the want no security. If you are going through with this you must do /usr/lbin/modprpw -m umaxlntr=0 userid. Also make sure the password never expires.

But still this is not recommanded you are creating a security issue.

grtz. Mark

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-07-2006 07:43 AM

‎02-07-2006 07:43 AM

Re: Trusted system misbehavior?

Shalom,

Check with sam the default user properties.

lastb

This command will let you know if there really have been bad logins.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sundar_7
Honored Contributor

‎02-07-2006 08:21 AM

‎02-07-2006 08:21 AM

Re: Trusted system misbehavior?

Matt,

I doubt the problem is with the number if incorect logins. What is the password aging policy for the users ? - If the user didnt change the password before the "lifetime" , the account will get locked out.

Again, I agree with the above post , how can they feed the wrong password if it is hardcoded.

Post the output of /usr/lbin/getprdef -p

Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.