Re: Login Attempts are cumulative on 'su-only' accounts

From: Green, Simon (Simon.Green@EU.ALTRIA.COM)
Date: Fri Oct 10 2003 - 04:10:35 EDT


As far as I know this is not a bug; it's just the way it's always worked.
("Failing as designed.") An su is not the same as a login; no-one has
logged in, so the unsuccessful login count is not reset.

One way is to beat up the people who are trying to log in, and failing:
disable the ID from logins, if that's not actually required.

If you want to reset it, you can use the chsec command:
chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s UserId

Simon Green
Altria ITSC Europe Ltd

AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/

N.B. Unsolicited email from vendors will not be appreciated.

> -----Original Message-----
> From: Harvey, Bruce T. [mailto:BTHarvey@LMUS.LEGGMASON.COM]
> Sent: 09 October 2003 20:38
> To: aix-l@Princeton.EDU
> Subject: Login Attempts are cumulative on 'su-only' accounts
>
>
> We've noticed in our systems where a username is an 'su-only' username
> (for logging and auditing purposes so that we can track "who" became
> this user to effect a change), that the counts for unsuccessful login
> attempts are cumulative and not being reset with every successful
> attempt, as it is on our systems that are _not_ su-only accounts
> (where users tend to log in directly rather than be bothered by
> 'su-ing').
>
> Besides setting the lockout number down to 0 so it never goes off, does
> anyone have an answer on how to reset it on the su-only accounts? Or is
> this a bug fixed in a later release? We're seeing it in our 4.3.3 ML06
> systems, and we don't see it that often, but we've just noticed the
> pattern, and we don't know whether to be concerned for our 5.1 and 5.2
> systems (I'll be doing some checking while sending this out to you
> folks). Anyone else run into this?
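
Added example, not part of the original messages: a dry-run check that reads lastlog-style stanzas, reports each user's cumulative unsuccessful_login_count, and prints (without running) the chsec reset quoted in the reply for users at or above a threshold. The user names, sample values, function names and the threshold of 3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report failed-login counters from lastlog-style stanzas
# and print, not execute, the chsec reset given in the reply above.

# Constructed sample in the stanza layout of /etc/security/lastlog.
# User names and values are made up.
SAMPLE_LASTLOG='oraadm:
    time_last_login = 1065700000
    unsuccessful_login_count = 4
    time_last_unsuccessful_login = 1065760000

jsmith:
    time_last_login = 1065770000
    unsuccessful_login_count = 0

appsvc:
    unsuccessful_login_count = 7
'

# Read stanzas on stdin; print "user count" per user.
# A stanza without a counter is reported as 0; lines starting with * are skipped.
failed_counts() {
    awk '
        function emit() { if (user != "") print user, count + 0 }
        /^[^ \t*][^:]*:[ \t]*$/ {
            emit(); user = $0; sub(/:[ \t]*$/, "", user); count = 0; next
        }
        /^[ \t]+unsuccessful_login_count[ \t]*=/ {
            split($0, kv, "="); gsub(/[ \t]/, "", kv[2]); count = kv[2]
        }
        END { emit() }
    '
}

# Print the reset command for every user whose count is >= the threshold ($1).
reset_cmds() {
    failed_counts | awk -v limit="$1" '$2 + 0 >= limit + 0 {
        printf "chsec -f /etc/security/lastlog -a \"unsuccessful_login_count=0\" -s %s\n", $1
    }'
}

# Dry run over the constructed sample with an assumed threshold of 3.
printf '%s\n' "$SAMPLE_LASTLOG" | reset_cmds 3
```

On a real system the functions would read /etc/security/lastlog on stdin instead of the sample; reviewing the printed commands before running them keeps a record of which accounts had accumulated failures.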


