Lock users account after X attempts
David Mackintosh
David.Mackintosh at xdroop.com
Tue Aug 9 16:51:17 UTC 2005
On Mon, Aug 01, 2005 at 09:38:00PM -0500, Bob McClure Jr wrote:
> On Mon, Aug 01, 2005 at 06:14:32PM -0600, redhat at buglecreek.com wrote:
> > I need a way to lock a user account after 5 attempts. I know the
> > pam_tally module will do this, but it also applies to system accounts
> > and would require the use of the faillog command to get around this (I
> > think). I would like to find another option to do this. Also, it would
> > be desirable to be able to lock it for a certain amount of time (say 15
> > minutes). Then allow users to try again.
> >
> > Redhat ES 4
> >
> > Thank You
>
> You don't mention where the attempts are being made, but I will assume
> you are trying to fend off the brute-force bad-password guessing
> attack on sshd. I found a solution that is working fine on five
> Fedora Core machines (some 1, 2, 3).

Personally, I go with the only-permit-known-connectors approach, with
a backdoor to permit myself to become a "known" system.

See:
http://xdroop.dhs.org/space/Linux/Limited+SSH+Access

--
/\oo/\
/ /()\ \ David Mackintosh | Public Key:
dave at xdroop.com | http://www.xdroop.com/dave/gpg.html
$ gpg --recv-keys --keyserver subkeys.pgp.net 4C032504
Mystery attachment? http://xdroop.dhs.org/space/GPG