You might set the following:
Code:
UsePAM yes
ChallengeResponseAuthentication=no
If that doesn't work, then in Solaris 10 the password string has
*LK* prepended to it, so it can be removed with:
restoring the old password. This won't work in Solaris 9 coz
*LK* replaces the password string in the second field, instead of just being prepended to it.
If you:
Code:
grep "*LK*" /etc/shadow
it should return the list of locked out users so you can write a script to unlock all of them with '
passwd -u <username>' or '
passwd -uf <username>'. Then run the script via cron according to your interval
'
passwd -f <username>' will force the expiry of the password, if you want to force the user to change their passwd at the next login.
Forcing the user to change their password after it being locked out is not a bad idea, IMO, to assist in curbing forgetfulness of passwords.
I hope that helps