The request was from some security people for an internal network to prevent people from screwing around more than anything. Root would not be included and it would be pretty simple to defeat if you knew how to boot single user...
It was a dumb idea from dumb security people that really don't understand that there are better ways to handle things. Be that as it may, it was a requested feature from a customer...:) ======= At 2003-01-21, 13:09:00 you wrote: ======= > >> On Tue, 14 Jan 2003 22:13:11 -0500 >> Tony Preston <[EMAIL PROTECTED]> wrote: >> >> I have a client that would like his linux system to allow a user to >> try 3 times to login and if they keep making mistakes (or are trying >> to hack a password), disable that user until the root re-enables >> them. >> >> Has anyone see an option like this? > >I've seen it on other operating systems, but always recommend that you >NOT do this. A hacker could render your system unusable by simply >trying all your usernames until they're all locked out. > >If you do go ahead, you probably don't want to have root included in the >list of accounts to be locked out, or your paying customer will be >paying you lots to give him his system back. Or perhaps that's what you >do want :-). Of course, if root isn't in on the list of accounts to be >paranoid about, what is? > > .../Ed >-- >Ed Wilts, Mounds View, MN, USA >mailto:[EMAIL PROTECTED] >Member #1, Red Hat Community Ambassador Program = = = = = = = = = = = = = = = = = = = = Best regards. Tony Preston Cancer is Curable, Ask me why! [EMAIL PROTECTED] 2003-01-22 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
