Solaris / OpenSolarisThis forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can you please or explain on how can I establish a setting for MAXIMUM BAD PASSWORD ENTRIES and on how to set a LOCK OUT timeout ? under Solaris 10 (CDE) .
I want to set the following:
Number of incorrect logins set to: 5
Acoount Lockout Policy set to: UNTIL ADMIN OR ROOT UNLOCKS IT.
Distribution: Solaris 10 (x86) and Windows XP Pro SP2
Posts: 596
Original Poster
Rep:
Im sorry...
Are you sure that this configuration setting is for logging in from the CDE Desktop...or....is this only for logging in from a Telnet session (like the one in the URL link)???
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
Quote:
Originally Posted by as400
Are you sure that this configuration setting is for logging in from the CDE Desktop...or....is this only for logging in from a Telnet session (like the one in the URL link)???
Possibly. Did you observe it doesn't works the expected way with CDE ?
Distribution: Solaris 10 (x86) and Windows XP Pro SP2
Posts: 596
Original Poster
Rep:
Well.....Guess what...i tried logging in under the CDE desktop screen and it does not work...I tried at least 5 times after I set the RETRIES to 3 login attempts...
So, it may work from a Telnet session...but how can I make it work when trying to login to the CDE Desktop??
Remember...I am logging using my own user account to the CDE Desktop....So is there a way to set the number of limits or retries when logging onto the CDE Desktop instead of a Telnet session???
Distribution: Solaris 10 (x86) and Windows XP Pro SP2
Posts: 596
Original Poster
Rep:
OK,
IM sorry.
Now I had enabled Telnet (svcadm enable telnet to...127.0.0.1), I had tried only 2 incorrect logins...and it then the third time I did it correctly and said...LAST LOGIN FAILURE occured at this date and so on.
But how come it does not work under the CDE desktop login screen?
Distribution: Solaris 10 (x86) and Windows XP Pro SP2
Posts: 596
Original Poster
Rep:
Ok,
Here I found the following lines in the /etc/pam.conf file
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.