Date: Wed, 6 Aug 2003 15:35:27 -0700 (PDT) From: Michael Carlson <mcarlson@m87-blackhole.org> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-questions@freebsd.org Subject: Re: locking out user accounts after 3 login failures... Message-ID: <20030806152238.X16728@server.internal.m87-blackhole.org> In-Reply-To: <3F3174A4.1050704@mac.com> References: <20030806130814.B16596@server.internal.m87-blackhole.org> <3F3174A4.1050704@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 6 Aug 2003, Chuck Swiger wrote: > Michael Carlson wrote: > > My work requires mutliple user systems to automatically lock out a user > > account after 3 login authentication failures. I am running 5.1 and I have > > not seen anything like this in PAM or login.conf (though the is the > > login-backoff option, but thats not exactly what I want). > > Ugh. Explain what "denial of service" means by asking your boss what happens if > and when an annoyed employee enters the boss'es username and locks him out? I do not disagree, unfortunately this requirement is in a ancient DOE document, and they seem to hate change. > > It's reasonable to want to improve the security of reusable passwords, but > that's the wrong approach. Your boss should consider biometrics or smart cards > (SecurID)... > I am looking into this as well, as we have a SecurID ACE server (running on windows, another black mark) but it is unfamiliar territory to me. > -- > -Chuck > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030806152238.X16728>