account lockout + timeout

Andy Armstrong andy at hexten.net
Sat May 28 12:27:51 UTC 2005


On 25 May 2005, at 20:26, andysayshi wrote:
> Using pam_tally on an RH 7.2 (2.4.18-19.7.xsmp) server, i have updated
> system-auth to lock users account for those who attempted 6 or more
> consecutive unsuccessfull logins. This works. What I'd like to do now
> is have those accounts disabled for 30 minutes and be unlocked when
> the 30 minutes passes.
>
> So far I've been unsuccesfull in doing this, any
> suggestions/links/comments on how to do this is greatly appreciated.

Apologies for the plug but pam_abl[1] will do this and also do IP  
based locking which is typically more useful than account based  
locking in the face of brute force attacks.

[1] http://hexten.net/sw/pam_abl/index.mhtml

-- 
Andy Armstrong, hexten.net




More information about the Pam-list mailing list