45 Minute lockout configuration

tonyfreeman · 10-28-2004, 12:09 PM

Does anyone know if it is possible to configure things using pam.d/login.defs/etc so that:

If a user fails to login after 5 attempts, the account is locked for 45 minutes.

Is this somehow possible? Or should I forget about trying for this type of functionality.

-- Tony

acid_kewpie · 10-28-2004, 01:18 PM

that's seems pretty straight forward just read the login.defs manpage:

/etc/login.defs

Code:

LOGIN_RETRIES        5
FAIL_DELAY              2700

isn't that what you want?

Cerbere · 10-29-2004, 04:48 AM

Double-posting is against the rules. If you aren't satisfied with the response to your thread, wait at least 24 hours then bump that thread. Re-posting the question breaks up the discussion and makes the search function in the forum less effective.

Enjoy!
--- Cerbere

tonyfreeman · 10-29-2004, 02:29 PM

Thanks acid_kewpie, et al:

I've entered the configuration and gave it a try with a testing user. I've tried to login 7 times in a row, giving a bad password each time - but on the 8th time I can still login without delay or a warning.

Would pam.d somehow interfer with this functionality? I have pam_tally.so to disable an account after 10 failed attemps.

-- Tony

PS ... I'll try to watch double posting ;-)

m_shroom · 10-31-2004, 12:29 AM

Did you reboot before testing ?
Many configuration changes only take effect if a module is stopped and restarted, the configuration being read when it starts then held in memory.