[Freeipa-users] pam_tally for FreeIPA?
David Robinson
zxvdr.au at gmail.com
Fri Jun 5 15:01:27 UTC 2009
Hi all,
Is there a pam_tally sort of equivalent for FreeIPA? I'd like to be
able to centralize the lockout (ie pam_tally) policy, eg. after X
failed login attempts lock the account, optionally automatically
unlock after X mins. Locking an account would lock it for the entire
realm instead of the local system.
One of the criteria (8.5.13 and 8.5.14) for the payment card
industry's data security standards is that an account be locked after
6 incorrect login attempts. I couldn't see anything that addresses the
criteria on the requirements doc for FreeIPA v2, and I couldn't find
the feature in v1. Is this something that is being considered, or is
pam_tally the way to go?
--Dave
More information about the Freeipa-users
mailing list