limit login attempts with pam
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Thu Jul 29 05:57:00 PDT 2004
Redmond Militante <r-militante at northwestern.edu> writes:
> hello
>
> i'm interested in configuring PAM on my 4x system so that a user is locked out of ignored if trying to log in unsuccessfully via ftp within the space of a minute or so. i'm trying to eliminate brute force attacks...
>
>
> can anyone point me towards some good tutorials on how to do this?
Good tutorials? I don't know, but there is source for the pam_tally
module included in the tree on my -STABLE machine.
Think it over carefully before enabling this kind of capability,
though; you may be making brute force attacks somewhat harder, but a
denial-of-service attack on specific users will become trivial.
--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org:8088/~lowell/
More information about the freebsd-questions
mailing list