atom feed8 messages in org.freebsd.freebsd-securityFreebsd auto locking users
FromSent OnAttachments
Khachatur ShahinyanSep 12, 2008 10:42 pm 
Toby BurressSep 12, 2008 11:35 pm 
Jon PasskiSep 13, 2008 6:48 am 
moussSep 13, 2008 1:46 pm 
Robert WatsonSep 14, 2008 3:12 am 
Micheas HermanSep 14, 2008 3:28 am 
moussSep 14, 2008 4:04 am 
Khachatur ShahinyanSep 15, 2008 11:30 pm 
Subject:Freebsd auto locking users
From:Khachatur Shahinyan (khac@arca.am)
Date:Sep 12, 2008 10:42:06 pm
List:org.freebsd.freebsd-security

Dear FreeBsd gurus, I have a problem concerning users password and authentication policies. The goal is 1)make freebsd to lock users after 3 unsuccessful login attempts, 2)force users to change their passwords every 90 days

I've done such changes in Linux distros, with various PAM modules.But in Freebsd it seems that i need to use login.conf file. Here I made necessary changes in that file:

default:\ ............. ............. ............. :login-retries=1:\ :passwordtime=90d:\ :warnpassword=7d:\ :warnexpire=7d:\

Then I made the cap_mkdb /etc/login.conf , and everything went normal, no error messages, but after adding a test user I see no changes in the master.passwd file. The fields which are reserved for password aging parameters are 0:0 test:$1$F9yf.PuK$xqIsGEgK3MexpPZ4UBav0.:1001:1001::0:0:User &:/home/test:/bin/sh

And the locking point does not work either, e.g. no matter how many times I input wrong password, I'm still able to login. :( I cannot understand what I'm doing wrong, and what should be done solve this issues? I'm not an expert Freebsd administration, so any comments and suggestions are welcome.