From owner-freebsd-questions@FreeBSD.ORG Tue Feb 5 07:01:22 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E7B4016A417 for ; Tue, 5 Feb 2008 07:01:22 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 4604113C457 for ; Tue, 5 Feb 2008 07:01:22 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.2/8.14.2) with ESMTP id m1571GaJ049672; Tue, 5 Feb 2008 07:01:17 GMT (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: Sendmail DKIM Filter v2.4.4 smtp.infracaninophile.co.uk m1571GaJ049672 Authentication-Results: smtp.infracaninophile.co.uk; dkim=hardfail (SSP) header.i=unknown Message-ID: <47A809BC.2000608@infracaninophile.co.uk> Date: Tue, 05 Feb 2008 07:01:16 +0000 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.9 (X11/20080122) MIME-Version: 1.0 To: Chuck Swiger References: <4E314437-2B3E-4FC1-9825-5E08DA278635@mac.com> In-Reply-To: <4E314437-2B3E-4FC1-9825-5E08DA278635@mac.com> X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Tue, 05 Feb 2008 07:01:17 +0000 (GMT) X-Virus-Scanned: ClamAV 0.92/5691/Tue Feb 5 02:12:57 2008 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,NO_RELAYS autolearn=ham version=3.2.4 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on happy-idiot-talk.infracaninophile.co.uk Cc: Tuan Ho , freebsd-questions@freebsd.org Subject: Re: Help on freeBSD 4.10 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2008 07:01:23 -0000 Chuck Swiger wrote: > On Feb 4, 2008, at 2:31 PM, Tuan Ho wrote: >> 1/ >> As an administrator, how can i disable an account after three >> consecutive unsuccessful login attempts? > > As root, you could run: > > chsh -s /usr/sbin/nologin _user_ Um... I don't think that's quite what the OP meant. He wants to automatically lock out anyone that fails 3 times to supply the right password. See login.conf(5), particularly these entries: login-backoff number 3 The number of login attempts allowed before the backoff delay is inserted after each subsequent attempt. The backoff delay is the number of tries above login-backoff multiplied by 5 seconds. login-retries number 10 The number of login attempts allowed before the login fails. Note that this applies only to the login(1) program and so applies to textmode logins directly on the console. Other applications like xdm(1) have different controls, as do applications that provide remote access like ssh(1). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW