Unix administration - Re: How to disable login after too many attempts


Author Re: How to disable login after too many attempts
Carol

2004-12-05, 7:50 am

Denial of service is not a problem. Our machine is on an internal
network only.

It does log failed login attempts.

What we are trying to do is standard in all large companies for their
employees. It's also standard for health sites and bank sites. Too
many incorrect login attempts disables the account.

I know there are ways to do this manually which would require writing
our own login script. What I'm after is a system function that does
it. I believe it's there; I just don't know where to look.

This request is becoming a company standard. It's a huge health
insurance company with about 60,000 employees. They want to
standardize procedures in all offices (good luck!). Anyway, someone
will be coming to scrutinize our security methods and this has to be
one of them. Believe me, I wouldn't be doing this if I didn't have to.


"vilain@spamcop.net" <michael.vilain@gmail.com> wrote in message news:<1102202809.388515.101270@f14g2000cwb.googlegroups.com>...
> Another has already said this isn't a Good Thing (tm) because of the
> possibility for denial of service. Where is this requirement coming
> from? Security auditors or some new PHB who doesn't know their tush
> from toilet paper?
>
> As you've discovered, older systems don't do this unless you hack them.
> Unless your OS detects password failure attempts and logs them, you'll
> have to get source code to do modifications (got source?). Then you
> could scan the log file for the attempts and somehow disable the
> account. All this has to be done very carefully as to not corrupt the
> password file and make the system completely unusable.
>
> Go back and ask the requester how important this is and how much effort
> they're willing to invest. Also ask who's responsible for coming in
> after hours to unlock an account when some manager can't get in because
> they forgot their password.
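
The log-scanning approach mentioned in the quoted reply, sketched as an added example that is not part of the original thread: it counts failed logins per account inside a time window, resets on a successful login, and only reports which accounts to disable, so the password file is never edited by the script. The log line format, the threshold, the window and the `exempt` list (which keeps root from being locked out) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not any real system's.
SAMPLE_LOG = """\
2004-12-05T07:40:01 login FAILED user=carol tty=pts/3
2004-12-05T07:40:09 login FAILED user=carol tty=pts/3
2004-12-05T07:40:15 login OK user=carol tty=pts/3
2004-12-05T07:41:00 login FAILED user=dave tty=pts/5
2004-12-05T07:41:20 login FAILED user=dave tty=pts/5
2004-12-05T07:41:45 login FAILED user=dave tty=pts/5
2004-12-05T07:42:00 login FAILED user=root tty=console
2004-12-05T07:42:05 login FAILED user=root tty=console
2004-12-05T07:42:10 login FAILED user=root tty=console
2004-12-05T08:00:00 login FAILED user=erin tty=pts/7
2004-12-05T09:30:00 login FAILED user=erin tty=pts/7
2004-12-05T11:00:00 login FAILED user=erin tty=pts/7
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) login (FAILED|OK) user=([A-Za-z0-9_.-]+)")

def accounts_to_lock(lines, threshold=3, window=timedelta(minutes=15), exempt=("root",)):
    """Return sorted accounts with `threshold` failures inside `window`, no success between."""
    recent = defaultdict(deque)    # user -> timestamps of failures still inside the window
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # skip lines that do not parse
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue               # skip lines with an unreadable timestamp
        status, user = m.group(2), m.group(3)
        if status == "OK":
            recent[user].clear()   # a successful login resets the counter
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in exempt:
            flagged.add(user)
    return sorted(flagged)

if __name__ == "__main__":
    print(accounts_to_lock(SAMPLE_LOG.splitlines()))
```
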
