vilain@spamcop.net 2004-12-04, 6:03 pm
Another has already said this isn't a Good Thing (tm) because of the
possibility for denial of service. Where is this requirement coming
from? Security auditors or some new PHB who doesn't know their tush
from toilet paper?
As you've discovered, older systems don't do this unless you hack them.
Unless your OS detects password failure attempts and logs them, you'll
have to get source code to do modifications (got source?). Then you
could scan the log file for the attempts and somehow disable the
account. All this has to be done very carefully so as not to corrupt the
password file and make the system completely unusable.
Go back and ask the requester how important this is and how much effort
they're willing to invest. Also ask who's responsible for coming in
after hours to unlock an account when some manager can't get in because
they forgot their password.
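
A sketch of the log-scanning approach mentioned above, as an added example that is not part of the original post. The log line format, the threshold, the time window and the exempt list are all assumptions; the script only reports lock candidates and never edits the password file, leaving the actual lock to the system's own account tool.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not a specific OS's.
SAMPLE_LOG = """\
2004-12-04 17:58:01 login FAILED user=alice tty=pts/1
2004-12-04 17:58:09 login FAILED user=alice tty=pts/1
2004-12-04 17:58:15 login OK user=bob tty=pts/2
2004-12-04 17:58:20 login FAILED user=alice tty=pts/1
2004-12-04 17:59:00 login FAILED user=root tty=pts/3
2004-12-04 17:59:02 login FAILED user=root tty=pts/3
2004-12-04 17:59:04 login FAILED user=root tty=pts/3
2004-12-04 18:01:00 login FAILED user=carol tty=pts/4
2004-12-04 18:20:00 login FAILED user=carol tty=pts/4
2004-12-04 18:40:00 login FAILED user=carol tty=pts/4
2004-12-04 18:41:00 login FAILED user=dave tty=pts/5
2004-12-04 18:41:05 login FAILED user=dave tty=pts/5
2004-12-04 18:41:09 login OK user=dave tty=pts/5
2004-12-04 18:41:30 login FAILED user=dave tty=pts/5
"""

LINE = re.compile(r"^(\S+ \S+) login (FAILED|OK) user=(\w+)")

def lock_candidates(log_text, threshold=3, window=timedelta(minutes=10),
                    exempt=("root",)):
    """Return {user: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip unrelated or malformed lines
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        result, user = m.group(2), m.group(3)
        if result == "OK":
            recent[user].clear()  # a successful login resets the count
            continue
        q = recent[user]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold and user not in exempt and user not in flagged:
            flagged[user] = when  # exempt accounts are never locked (DoS guard)
    return flagged

if __name__ == "__main__":
    print(lock_candidates(SAMPLE_LOG))
```

The time window and the exempt list are what limit the denial-of-service exposure: slow, spread-out failures do not accumulate, and an account such as root cannot be locked out by someone deliberately typing bad passwords.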