Hello,
It is to my understanding that when configuring the Solaris operating system to meet compliance standards, you must configure the "LOCK_AFTER_RETRIES" value in the "/etc/security/policy.conf" file to "YES", and then configure the "RETRIES" parameter in the "/etc/default/login" file to the number of retries you wish to allow users before they are locked out.
However, is there any way to configure the OS so that user accounts are automatically unlocked after a specified period of time? I have tried setting the "DISABLETIME" parameter in the "/etc/default/login" file to 900 seconds (15 minutes) to configure this, but accounts I have locked out remain locked out, even after 15 minutes. Is this perhaps configurable from the PAM module? Or will the system always require manual intervention from an administrator using the "passwd" command to unlock accounts that have been locked out?
Thank you!