LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-25-2009, 10:51 AM   #1
depam
Member
 
Registered: Sep 2005
Posts: 855

Rep: Reputation: 30
where to set maximum login retries and automatically lock users


Hi,

I am using CentOS 4.4. How can I set automatic locking of password after 3 times login failure? Thanks.
 
Old 03-25-2009, 11:02 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 23,275

Rep: Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523Reputation: 6523
Quote:
Originally Posted by depam View Post
Hi,

I am using CentOS 4.4. How can I set automatic locking of password after 3 times login failure? Thanks.
From a brief Google search, this page may help you.
http://www.cyberciti.biz/tips/lock-u...-attempts.html
 
Old 03-25-2009, 05:39 PM   #3
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 166Reputation: 166
Quote:
Originally Posted by depam View Post
Hi,

I am using CentOS 4.4. How can I set automatic locking of password after 3 times login failure? Thanks.
Locking accounts after three incorrect attempts isn't a good idea in many cases, are you sure this is the correct solution for your problem?
 
Old 03-25-2009, 09:30 PM   #4
depam
Member
 
Registered: Sep 2005
Posts: 855

Original Poster
Rep: Reputation: 30
TBOne,

Should I have PAM enabled first? Is this a service that I need to incorporate with sshd? Thanks.

rweaver,

This is for compliance with our Audit. Thanks also.
 
Old 03-26-2009, 10:24 AM   #5
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 525

Rep: Reputation: 37
HOPE THIS HELPS.
If failed login attempt 5 times then account will be locked and the unlock time will be 60 secs.
Code:
** Account auto unlock option is available in later versions of RHEL-4 Update 2. It has to be done manually. 

# vi /etc/pam.d/system-auth     [ This setting only works for RHEL- 5.x ]

auth        required      pam_env.so
auth        required      pam_tally.so onerr=fail deny=5 unlock_time=60
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so

account     required      pam_tally.so reset
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1  

password    sufficient    pam_unix.so md5 remember=2 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
 
Old 03-30-2009, 09:57 PM   #6
depam
Member
 
Registered: Sep 2005
Posts: 855

Original Poster
Rep: Reputation: 30
Thanks everyone. Its working now.
 
Old 03-31-2009, 12:31 AM   #7
EclipseAgent
Member
 
Registered: Oct 2005
Location: California
Distribution: SLED 10, openSuSE 10.2, Ubuntu Drapper
Posts: 713

Rep: Reputation: 30
Actually .. having unlock_time using tally.so depends on what version of pam you're using..

In RHEL4, it is tally2.so that has unlock_time

Also, if using traditional / older version make sure you use no_magic_root ... read the man pages on pam to make sure you don't leave your machine unusable
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Maximum Users? wcole Linux - Newbie 5 09-07-2006 10:57 PM
What's the maximum number of users on Linux? Kaj Linux - Newbie 5 11-29-2004 03:35 AM
maximum possible users nadine.mauch Linux - General 1 10-07-2004 04:30 AM
Can't set maximum refresh rate dahonk Linux - Hardware 2 07-13-2004 02:12 AM
Num lock key went off automatically reaky Linux - Software 2 06-07-2004 07:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration