From: Kevin Kinsey
Date: Wed, 06 Aug 2008 08:32:47 -0500
To: Khachatur Shahinyan
Cc: freebsd-questions@freebsd.org
Subject: Re: Freebsd auto locking users

Khachatur Shahinyan wrote:
> Dear FreeBSD gurus, I have a problem concerning users password and
> authentication policies. The goal is
> 1) make FreeBSD lock users after 3 unsuccessful login attempts,
> 2) force users to change their passwords every 90 days
>
> I've done such changes in Linux distros, with various PAM modules. But in
> FreeBSD it seems that I need to use login.conf file.

I think you want PAM in FreeBSD also. Check
http://www.freebsd.org/doc/en/articles/pam/index.html

> Here I made
> necessary changes in that file:
> >>>>>>
> default:\
> .............
> .............
> .............
> :login-retries=1:\
> :passwordtime=90d:\
> :warnpassword=7d:\
> :warnexpire=7d:\
> >>>>>>>
> Then I made the cap_mkdb /etc/login.conf, and everything went normal,
> no error messages, but after adding a test user I see no changes in the
> master.passwd file.
> The fields which are reserved for password aging parameters are 0:0
> test:$1$F9yf.PuK$xqIsGEgK3MexpPZ4UBav0.:1001:1001::0:0:User &:/home/test:/bin/sh
>
> And the locking point does not work either, e.g. no matter how many
> times I input wrong password, I'm still able to login. :(
> I cannot understand what I'm doing wrong, and what should be done to solve
> these issues? I'm not an expert in FreeBSD administration, so any comments
> and suggestions are welcome.

Kevin Kinsey
--
//GO.SYSIN DD *, DOODAH, DOODAH
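Added example, not part of the original messages: a Python check that reads master.passwd-style lines and reports the state of the password change field, which together with the expire field forms the `0:0` pair quoted in the question. The account entries, placeholder hashes, the `NOW` timestamp and the status labels are constructed for illustration.

```python
# Added example: audit master.passwd-style lines for the password-aging fields.
# FreeBSD passwd(5): name:password:uid:gid:class:change:expire:gecos:home_dir:shell
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home_dir", "shell")
DAY = 86400


def parse_entry(line):
    """Split one master.passwd line into a dict; reject malformed lines."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for key in ("change", "expire"):
        entry[key] = int(entry[key] or 0)  # empty is treated as 0 (not set)
    return entry


def audit_aging(lines, now, max_age_days=90):
    """Return (name, status) for each account that has a usable password."""
    report = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        e = parse_entry(line)
        if e["password"].startswith("*"):
            continue  # no password login possible (e.g. "*" or "*LOCKED*")
        if e["change"] == 0:
            status = "no-change-date"   # password never has to be changed
        elif e["change"] <= now:
            status = "change-due"       # the change time has already passed
        elif e["change"] - now > max_age_days * DAY:
            status = "beyond-policy"    # further out than the policy allows
        else:
            status = "ok"
        report.append((e["name"], status))
    return report


# Constructed sample data: invented accounts with placeholder hashes.
NOW = 1218000000  # constructed "current time" in epoch seconds (August 2008)
SAMPLE = [
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin",
    "test:$1$SALT$PLACEHOLDER:1001:1001::0:0:User &:/home/test:/bin/sh",
    "alice:$1$SALT$PLACEHOLDER:1002:1002:staff:1220000000:0:Alice:/home/alice:/bin/sh",
    "bob:$1$SALT$PLACEHOLDER:1003:1003::1217000000:0:Bob:/home/bob:/bin/sh",
    "carol:$1$SALT$PLACEHOLDER:1004:1004::1240000000:0:Carol:/home/carol:/bin/sh",
]
```

Calling `audit_aging(SAMPLE, NOW)` lists every password-capable account with its status; on a real system the input would be the lines of `/etc/master.passwd`, read as root.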