
Re: /tcb, u_maxtries and various other vars

 
john guardian
Super Advisor

/tcb, u_maxtries and various other vars

Machine is 11.23 and uses TCB.

In checking /tcb/files/auth/system/default for u_maxtries, it was found to be 0 (NG).

I need to change it and several other vars to control login timeout value (30-45 secs) and time between login attempts (5 or more secs).

Is SAM the best approach?

What file/db (if any) holds the values for these other control vars?

Thx.
Mel Burslan
Honored Contributor

Re: /tcb, u_maxtries and various other vars

The file you are looking for (for changing these globally) is /etc/default/security.

Hope this helps
________________________________
UNIX because I majored in cryptology...
john guardian
Super Advisor

Re: /tcb, u_maxtries and various other vars

/tcb. In other words, I'm talking about Trusted Systems.

On the manpage for security:


AUTH_MAXTRIES This attribute controls whether an account is locked after too many consecutive authentication failures.

It does not apply to trusted systems.

Mel Burslan
Honored Contributor

Re: /tcb, u_maxtries and various other vars

It can be placed in /etc/default/security, but the effectiveness of this setting is dependent on using PAM with the ldap module, according to this document. I have never configured it from scratch and took it for granted. So, I really don't know how the mechanics work. But here's the document:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=4164814&prodTypeId=18964&objectID=c02538590

Also see this old forum thread:

http://h30499.www3.hp.com/t5/System-Administration/AUTH-MAXTRIES-not-working-in-HP-UX-11-31/m-p/5235169#M468988


The information in both of them, combined, may help you.

________________________________
UNIX because I majored in cryptology...
john guardian
Super Advisor

Re: /tcb, u_maxtries and various other vars

The link provided clearly speaks to Std Mode and /etc/shadow, something that is not applicable to Trusted Mode.

Anybody else... please?



Ismail Azad
Esteemed Contributor

Re: /tcb, u_maxtries and various other vars

Hey john,

Have always read in quite a few places, one thing that HP recommends for conversion to a trusted system is SAM. But that is for "conversion". Anyways, although the *logout* term has been sort of an emptiness to me as far as a trusted system is concerned, I did come across a database for one of the other control vars as you put it.

Speaking in terms of,

> time between login attempts.

The database for this control var as you put it is what is termed as u_llogin which hopefully you can modify with modprpw with the llog=value. However this specific database consists of time between *logins* and not *attempts*.

Regards
Ismail Azad


Read, read and read... Then read again until you read "between the lines".....