
LinuxLover 07-03-2010 02:35 PM

user lock/unlock by bad tries

I am using Solaris 10. My requirement is that if a user enters a wrong password 5 times, his account should be locked for a specific time period, say for 10 minutes.

I am able to define these policies by


# vi /etc/default/login

and in

# /etc/security/policy

Now the user is locked if he gives a wrong password 5 times.

The problem is that he DOES NOT unlock automatically, as the system is supposed to unlock him after 5 minutes. And the user status remains locked for infinite time and I have to unlock it manually. How can I solve this?

tallship 07-04-2010 04:47 AM

You might set the following:


UsePAM yes


If that doesn't work, then in Solaris 10 the password string has *LK* prepended to it, so it can be removed with:


passwd -u username

restoring the old password. This won't work in Solaris 9 coz *LK* replaces the password string in the second field, instead of just being prepended to it.

If you:


grep "*LK*" /etc/shadow

it should return the list of locked out users so you can write a script to unlock all of them with 'passwd -u <username>' or 'passwd -uf <username>'. Then run the script via cron according to your interval.

'passwd -f <username>' will force the expiry of the password, if you want to force the user to change their passwd at the next login.

Forcing the user to change their password after it has been locked out is not a bad idea, IMO, to assist in curbing forgetfulness of passwords.

I hope that helps :)
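
The cron-driven unlock script suggested in the reply above, as an added example that is not code from the thread. It unlocks only entries where *LK* is prepended to a retained hash and skips a keep-locked list, so accounts locked on purpose stay locked; the KEEP_LOCKED names, the AWK override and the sample shadow entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Plain Bourne syntax (no $(...)).
AWK=${AWK:-awk}                            # Solaris 10: AWK=nawk (assumption)
KEEP_LOCKED=${KEEP_LOCKED:-"root svcold"}  # hypothetical never-unlock list

# Print users whose password field is "*LK*" + retained hash.
# Bare "*LK*" has no old password for passwd -u to restore, so skip it.
unlock_candidates() {   # $1 = shadow file
    "$AWK" -F: -v keep="$KEEP_LOCKED" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        # substr() compare: no regex, so "*" is matched literally
        substr($2, 1, 4) == "*LK*" && length($2) > 4 && !($1 in skip) { print $1 }
    ' "$1"
}

# Dry run unless $2 is "apply"; each real unlock is logged to syslog.
unlock_all() {          # $1 = shadow file, $2 = mode
    unlock_candidates "$1" | while read u; do
        if [ "$2" = "apply" ]; then
            passwd -u "$u" </dev/null && logger -p auth.notice "auto-unlocked $u"
        else
            echo "would run: passwd -u $u"
        fi
    done
}

# Constructed sample in /etc/shadow layout (hashes are made up).
sample_shadow() {
    cat <<'EOF'
root:abJnggxhB0yWI:14790::::::
daemon:*LK*:6445::::::
alice:*LK*Qz1xR4tTn0pEc:14791::::::
svcold:*LK*Mm8dKe2LsVw1o:14100::::::
bob:Xy7uLm2kPq9sA:14791::::::
EOF
}

# Usage: unlock.sh /etc/shadow         (dry run)
#        unlock.sh /etc/shadow apply   (from root's crontab)
if [ $# -ge 1 ]; then unlock_all "$1" "${2:-}"; fi
```

Run from cron every 10 minutes, this bounds a lockout at 10 minutes at most rather than exactly 10, because the script has no record of when each account was locked.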

tallship 10-26-2010 04:45 PM

Did that help out with your problem? Just following up and would like to know since it's not marked as solved :)
