Prevent account from being locked out after X number of attempts
Hi all,
I have several crontab entries run as oracle user. I need to prevent oracle user from being locked when the max failed login is reached. Is there a way to prevent it from being locked even when the server is hardened? OS is SunOs. Thanks! |
crontab entries run as background jobs & do not require any passwords.
|
Are you getting an error that a user account actually is being locked, or is this a theoretical question?
|
Problem is when oracle users forget the password and by accident, they lock the accounts. The cronjobs won't run because the oracle account is locked. I want to prevent that from happening. Thanks! :-)
|
I'm not specifically an Oracle guru, but you will need to have that configured in the Oracle configuration, not the Linux user configuration.
Configuring Authentication - Subsection Table 3-1 Password-Specific Settings in the Default Profile https://docs.oracle.com/database/121...n.htm#CHDEGBEG |
My bad. I might have worded it wrong. I meant "oracle" account users in SunOs. Account name is oracle.
|
If I remember right SunOS is not too terribly different and should use PAM authentication. Try the following command to try to trace down the specific configuration file causing the lockout.
grep 'deny=' /etc/pam.d/*
You would see something like 'deny=5', more details found in the following article.
How to lock users after 5 unsuccessful login tries? http://unix.stackexchange.com/questi...ul-login-tries |
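An added example, not part of the post above: a stricter version of that grep which reports the file, module and threshold for each active deny= rule and skips commented-out lines that a bare grep would also match. It assumes the /etc/pam.d layout and deny= option the post refers to; the function names and the sample files (pam_tally2/pam_faillock lines) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list active PAM rules that set deny=N.

pam_deny_report() {
    # $1: directory of PAM service files (assumption: /etc/pam.d style layout)
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            {
                sub(/#.*/, "")                    # drop full-line and trailing comments
                module = ""; deny = ""
                for (i = 1; i <= NF; i++) {
                    if (module == "" && $i ~ /pam_[A-Za-z0-9_]+\.so$/) {
                        module = $i
                        sub(/.*\//, "", module)   # strip any directory prefix
                    }
                    if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6)
                }
                if (deny != "") print file, module, deny
            }' "$f"
    done
}

# Constructed sample input: two service files in a temporary directory.
make_sample_pam_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/system-auth" <<'EOF'
auth required pam_env.so
auth required pam_tally2.so deny=5 onerr=fail unlock_time=900
auth sufficient pam_unix.so nullok
EOF
    cat > "$d/sshd" <<'EOF'
#auth required pam_tally2.so deny=3
auth required pam_faillock.so preauth deny=4  # trailing comment
auth include system-auth
EOF
    printf '%s\n' "$d"
}

# Demo run on the constructed files; use pam_deny_report /etc/pam.d on a host.
sample=$(make_sample_pam_dir)
pam_deny_report "$sample"
rm -rf "$sample"
```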
But won't that affect every other user account? Is there a way to keep that setting but still make a specific account unlockable? Thanks!
|
Great. Thanks man!
|
So here are the requirements:
oracle account does not lock after x number of failed logins
oracle account cannot ssh directly - done
sudoers cannot su to oracle account - done
I'm having difficulty with the first requirement. Any suggestions? Thanks! |
How about setting the account so it locks after 9,999,999 failed attempts? :D
|
Thanks! |
Probably you should be using different users for your cron jobs and interactive logins.
|
In any case, real users should have individual accts anyway (ask your auditor...) |