Novell Home

SECURITY: Deny access to accounts that mis-type passwords several times concurrently.

Novell Cool Solutions: Tip
By Chander Ganesan

Digg This - Slashdot This

Posted: 3 Nov 2005
 

PROBLEM: How do I deny login access/lock accounts for users who mis type their passwords more than a set number of times?

SOLUTION:

The faillog mechanism is designed to log login failures. By typing "faillog" at your shell prompt, you can obtain a list of users who have repeatedly tried to login and have failed.

The "faillog" is reset upon successful login - so once a user succeeds their failure count is set to 0.

You can limit the maximum number of login failures (system wide) by using the "faillog -m" option (specify the maximum number of failures allowed).

You can reset the fail count for a user (once a user has been "locked out" this is required to "unlock" him/her) using the "faillog -u username -r" command.

EXAMPLE:

Set the maximum number of login failures to 5:

At a terminal prompt, type faillog -m 5 and press ENTER.

Reset the login failures for the user "geeko":

At a terminal prompt, type faillog -u geeko -r and press ENTER.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell