Hi All,

How to enable account lock out policy after 3 retries? Yes, for all users we can implement the /etc/default/login RETRIES=5 or 3 for all system users. If specifically I need to exclude the root, oracle or some system accounts not to lock out, how can these be done?

Prak
| |||
prak <[email protected]> writes:

>How to enable account lock out policy after 3 retries. yes for all
>users we can implement the /etc/default/login RETRIES=5 or 3 for all
>system users. If specifically i need to exclude the root,oracle or
>some system accounts not to lock out .how can these be done?

That's a feature new in S10 (which has been out for nearly three years now) and not available in S9.

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
| |||
On Nov 26, 9:46 pm, Casper H.S. Dik <[email protected]> wrote:
> prak <[email protected]> writes:
> >How to enable account lock out policy after 3 retries. yes for all
> >users we can implement the /etc/default/login RETRIES=5 or 3 for all
> >system users. If specifically i need to exclude the root,oracle or
> >some system accounts not to lock out .how can these be done?
>
> That's a feature new in S10 (which has been out for nearly three
> years now) and not available in S9.
>
> Casper
> --
> Expressed in this posting are my opinions. They are in no way related
> to opinions held by my employer, Sun Microsystems.
> Statements on Sun products included here are not gospel and may
> be fiction rather than truth.

Hi Casper,

Thanks for your reply. By default even the /etc/default/login Retries does not work for all system users in Solaris 9. If you need to implement the account lockout policy for all users then we need to load the third party PAM module. I had downloaded from http://www.comsmiths.com.au/pam/v1.05/ and installed the PAM_LOGIN_LIMIT module and edited the /etc/pam.conf. With the above mentioned PAM module I'm only able to implement the system wide account lockout policy. But I was not able to exclude the specific accounts like root, oracle. If you find anything please let me know.

Thanks,
Prakash
| ||||
In article <86794ee1-c9a3-49c1-a117-26112e8b4ac8@s36g2000prg.googlegroups.com>, prak <[email protected]> wrote:
> On Nov 26, 9:46 pm, Casper H.S. Dik <[email protected]> wrote:
> > prak <[email protected]> writes:
> > >How to enable account lock out policy after 3 retries. yes for all
> > >users we can implement the /etc/default/login RETRIES=5 or 3 for all
> > >system users. If specifically i need to exclude the root,oracle or
> > >some system accounts not to lock out .how can these be done?
> >
> > That's a feature new in S10 (which has been out for nearly three
> > years now) and not available in S9.
> >
> > Casper
> > --
> > Expressed in this posting are my opinions. They are in no way related
> > to opinions held by my employer, Sun Microsystems.
> > Statements on Sun products included here are not gospel and may
> > be fiction rather than truth.
>
> Hi Casper,
>
> Thanks for your reply. By default even the /etc/default/login Retries
> does not work for all system users in solaris 9. If you need to
> implement the account lockout policy for all users then we need to
> load the third party pam module. i had downlaoded from
> http://www.comsmiths.com.au/pam/v1.05/ and installed the
> PAM_LOGIN_LIMIT module and edited the /etc/pam.conf with above
> mentioned PAM module i'm only able to implement the system wide
> account lockout policy. But i was not able to exclude the specific
> account like root,oracle if you find anything please let me know.
>
> Thanks,
> Prakash

As Casper said, this feature, I think with the individual account disabling feature you want, is part of Solaris 10, not in Solaris 9.

You can accomplish the system-wide Denial of Service "Policy" (also known as a security feature by some clueless PHBs and auditors) with your PAM module. You might keep searching for a better implementation that allows an exception list if such a thing exists.

Otherwise, you've got two options--enhance your PAM module to incorporate an exception list if you have source (the link you gave seems to be to Solaris packages which I can't parse) or upgrade to Solaris 10.

Good luck...

--
DeeDee, don't press that button! DeeDee! NO! Dee...
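
The per-account exemption that the replies attribute to Solaris 10, as an added example that is not part of any post in this thread: a script that works out, for each account, whether lockout applies once the system-wide default and the per-user override are combined. It assumes the Solaris 10 file formats (`LOCK_AFTER_RETRIES` in `/etc/security/policy.conf`, a `lock_after_retries` key in `/etc/user_attr`); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed Solaris 10 semantics:
#   /etc/security/policy.conf : LOCK_AFTER_RETRIES=YES|NO (system default; NO if unset)
#   /etc/user_attr            : user::::key=val;lock_after_retries=yes|no (override)
# Simplification: only the user's own user_attr entry is consulted.

# effective_lockout POLICY_FILE USER_ATTR_FILE USER  -> prints "lock" or "exempt"
effective_lockout() {
    # System-wide default: the last uncommented LOCK_AFTER_RETRIES line wins.
    default=$(awk -F= '/^[ \t]*LOCK_AFTER_RETRIES[ \t]*=/ { v = $2 }
                       END { print tolower(v) }' "$1")
    # Per-user override: field 5 of user_attr is a ';'-separated key=value list.
    override=$(awk -F: -v u="$3" '
        $1 == u {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^lock_after_retries=/) {
                    sub(/^[^=]*=/, "", kv[i]); v = kv[i]
                }
        }
        END { print tolower(v) }' "$2")
    case "${override:-${default:-no}}" in
        yes) echo lock ;;
        *)   echo exempt ;;
    esac
}

# write_sample DIR: constructed sample files, not taken from any real host.
write_sample() {
    cat > "$1/policy.conf" <<'EOF'
# constructed sample
LOCK_AFTER_RETRIES=YES
EOF
    cat > "$1/user_attr" <<'EOF'
# constructed sample
root::::auths=solaris.*;profiles=All;lock_after_retries=no
oracle::::type=normal;lock_after_retries=no
alice::::type=normal
EOF
}

# Report the effective setting for each account that must stay reachable.
SAMPLE_DIR=$(mktemp -d)
write_sample "$SAMPLE_DIR"
for acct in root oracle alice; do
    printf '%s: %s\n' "$acct" \
        "$(effective_lockout "$SAMPLE_DIR/policy.conf" "$SAMPLE_DIR/user_attr" "$acct")"
done
```

On a Solaris 10 host the override is normally set with `usermod -K lock_after_retries=no oracle` rather than by editing `/etc/user_attr` by hand.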