Re: Re: Problems setting up pam_tally / faillog

2010-10-12 Thread Brustkern, Maximillian
>> I know you don't think so (yet) but that is a very bad idea. It
>> enables a denial of service attack. A valid user can be locked out by
>> an attacker. That is bad.

You're absolutely right; unfortunately, I'm attempting to bring old systems in line with unbending corporate security policy

Problems setting up pam_tally / faillog

2010-10-11 Thread Brustkern, Maximillian
I'm attempting to configure Debian 4.0 to lock user accounts after 3 failed login attempts. I've added:

    account required pam_tally.so onerr=fail deny=3

as the first non-commented line in /etc/pam.d/common-account and

    auth required pam_tally.so per_user magic_root onerr=fail