SECURITY: Deny access to accounts that mis-type passwords several times concurrently.
Novell Cool Solutions: Tip
By Chander Ganesan
Digg This -
Posted: 3 Nov 2005
PROBLEM: How do I deny login access/lock accounts for users who mis type their passwords more than a set number of times?
The faillog mechanism is designed to log login failures. By typing "faillog" at your shell prompt, you can obtain a list of users who have repeatedly tried to login and have failed.
The "faillog" is reset upon successful login - so once a user succeeds their failure count is set to 0.
You can limit the maximum number of login failures (system wide) by using the "faillog -m" option (specify the maximum number of failures allowed).
You can reset the fail count for a user (once a user has been "locked out" this is required to "unlock" him/her) using the "faillog -u username -r" command.
Set the maximum number of login failures to 5:
At a terminal prompt, type faillog -m 5 and press ENTER.
Reset the login failures for the user "geeko":
At a terminal prompt, type faillog -u geeko -r and press ENTER.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com