Hello;
I am moving a customer from Solaris 2.6 to Solaris 2.8. The customer has requested the following two requirements also be implemented:
Lock a user account out for X number of days after 3 unsuccessful login attempts.
No reuse of the last 5-10 passwords. Also referred to as password history.
Solaris 8 does not natively support these.
I have read up on epasswd and npasswd they do not meet these requirements either. Any suggestions and all help will be appreciated.
Solaris depends on PAM modules to make the login process more robust. There are some free PAM modules that do do what you are describing.
PAM_login_limit - locks an account after a number of incorect login attempts.
PAM_remote_hosts - provides TCP wrappers style control, but at the PAM level, so we also have control on user/host/service.
PAM_login_times - provides control over login times for users. Configurable on a 15 minute interval.
PAM_chroot - allows any account to be chrooted.
PAM_history - allows password reuse to be controlled over multiple password changes.
PAM_null - diagnostic and tracing module.
You can find the module source and binaries at Computer Smiths
Now the cautionary note. Using PAM third-party modules can introduce additional risk to any system.