From owner-freebsd-questions@FreeBSD.ORG Wed Aug 6 06:32:04 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C5DD71065670 for ; Wed, 6 Aug 2008 06:32:04 +0000 (UTC) (envelope-from khachatur.shahinyan@arca.am) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.187]) by mx1.freebsd.org (Postfix) with ESMTP id 605EA8FC18 for ; Wed, 6 Aug 2008 06:32:03 +0000 (UTC) (envelope-from khachatur.shahinyan@arca.am) Received: by mu-out-0910.google.com with SMTP id i2so2427536mue.3 for ; Tue, 05 Aug 2008 23:32:02 -0700 (PDT) Received: by 10.103.223.20 with SMTP id a20mr1179520mur.86.1218002593355; Tue, 05 Aug 2008 23:03:13 -0700 (PDT) Received: from ?192.168.1.80? ( [91.199.226.101]) by mx.google.com with ESMTPS id w5sm30100485mue.11.2008.08.05.23.03.12 (version=SSLv3 cipher=RC4-MD5); Tue, 05 Aug 2008 23:03:12 -0700 (PDT) Message-ID: <48993E71.9090008@arca.am> Date: Wed, 06 Aug 2008 11:02:25 +0500 From: Khachatur Shahinyan User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Freebsd auto locking users X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2008 06:32:04 -0000 Dear FreeBsd gurus, I have a problem concerning users password and authentication policies. The goal is 1)make freebsd to lock users after 3 unsuccessful login attempts, 2)force users to change their passwords every 90 days I've done such changes in Linux distros, with various PAM modules.But in Freebsd it seems that i need to use login.conf file. Here I made necessary changes in that file: >>>>>> default:\ ............. ............. ............. :login-retries=1:\ :passwordtime=90d:\ :warnpassword=7d:\ :warnexpire=7d:\ >>>>>>> Then I made the cap_mkdb /etc/login.conf , and everything went normal, no error messages, but after adding a test user I see no changes in the master.passwd file. The fields which are reserved for password aging parameters are 0:0 test:$1$F9yf.PuK$xqIsGEgK3MexpPZ4UBav0.:1001:1001::0:0:User &:/home/test:/bin/sh And the locking point does not work either, e.g. no matter how many times I input wrong password, I'm still able to login. :( I cannot understand what I'm doing wrong, and what should be done solve this issues? I'm not an expert Freebsd administration, so any comments and suggestions are welcome. Thank You Khachatur Shahinyan