Date: Thu, 25 Feb 1999 19:59:32 -0600 From: Alan Weber <aaweber@austin.rr.com> To: Matthew Hunt <mph@astro.caltech.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Security question Message-ID: <19990225195931.A14743@austin.rr.com> In-Reply-To: <19990225162636.A46163@wopr.caltech.edu>; from Matthew Hunt on Thu, Feb 25, 1999 at 04:26:36PM -0800 References: <913B8C252194D2119BD500805F3181789704F6@za12nt02.mweb.com> <19990225162636.A46163@wopr.caltech.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 25, 1999 at 04:26:36PM -0800, Matthew Hunt wrote: --> On Thu, Feb 25, 1999 at 09:23:03PM +0200, Langa Kentane wrote: --> --> > I have been caught up in the evil of Micro$oft for a while now. What I want --> > to know is whether or not there is some way in FreeBSD that you can lockout --> > an account after a certain number of unsuccessful logons. --> --> I don't know offhand how to do that, but one thing to keep in --> mind is that if you lock out a user because of too many unsuccessful --> logins, then anybody can deny service to one of your users by --> logging in unsuccessfully. --> --> That is, I might not want to break into your system, I just try --> logging in with your password and get you locked out in order to --> annoy you, distract you, keep you from getting work done, whatever. I have this feature set at work on an HP-UX machine. It is real annoying to have someone hammer root and lock out root. Then I have to go downstairs and do a real console login to change the damn password and reset the account. Since I dont spend much time as root, I only notice at the odd momement I have to do some admin. Novell Netware also has this ?feature? and I have seen it used for mischief on occasion. I would prefer to have the system insert an increasing delay that grows to 60 seconds or some configurable value with a decay to zero after a while. I still think that having a secure cryptic password should be adequate. One useful feature would be to add password policies to FreeBSD. Min length/format/etc. -- When I was a kid I had to rub sticks together to multiply and divide numbers. A calculator was a job description. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990225195931.A14743>