LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   one time password wrong,system goes to shutdown (https://www.linuxquestions.org/questions/linux-general-1/one-time-password-wrong-system-goes-to-shutdown-734701/)

srinivasmiriyalu 06-22-2009 03:23 AM
one time password wrong,system goes to shutdown
 
hi friends
here is my question
In login screen,after entering the username we need to enter password,if password is correct we can log into GUI, if password is wrong,again we need to enter user name and password,But what i want to do is if entered password is wrong at first-attempt,then immediately system goes to shutdown...how can i do this.. anybody have idea

JulianTosh 06-22-2009 04:18 AM
Sounds like you're creating a Denial of Service vulnerability on yourself... there are controls in place to lock an account after any number of failed attempts - rather than shutting down the whole system and making it unavailable to all accounts/users/clients.

If this is of interest to you, check out /etc/pam.d/system-auth. look for 'deny' and 'unlock_time' parameters to set how many failed login it takes to lock the account and for how long to lock it...

srinivasmiriyalu 06-23-2009 12:50 AM
one time password wrong,system goes to shutdown
 
well,Thanks for your reply
but i want to do is shutdown the system if first attempt is wrong
i dont want to lock the user account
do you have any idea

JulianTosh 06-23-2009 01:49 AM
Found this for you...

Quote:
For the most basic functionality, you could simply edit /etc/pam.d/common-auth and change it to the following:

auth sufficient pam_unix.so nullok_secure
auth required pam_exec.so shutdown -h now

This will cause the system to shutdown after ANY failed password attempt that uses PAM. For more control, you could instead have pam_exec run a custom script that, say for example, uses a counter method (so it only shuts down after 5 failed logins), or you could edit each application's PAM configuration separately. Add the pam_exec line to /etc/pam.d/gnome-screensaver, for instance, to only have it affect the locked screen.
Please reply with an update if this works for you.

srinivasmiriyalu 06-26-2009 05:44 AM
one time password wrong,system goes to shutdown
 
thanks Beotch
unfortunately i was unable to locate /etc/pam.d/common-auth btw i am using solaris express developer edition 1/08 do you have any idea about that file..where can i find in my system

JulianTosh 06-26-2009 10:59 AM
Sorry, I havent used solaris in yearrrrrs.


All times are GMT -5. The time now is 12:14 PM.