Proposal: lock out a user account for 5 minutes after 5 failures
Joseph Reynolds
jrey at linux.ibm.com
Thu Dec 5 02:49:03 AEDT 2019
I've pushed a code review to change Linux-PAM defaults to lock out a
user account for 5 minutes after 5 failed login attempts. This gives
legitimate users the access they need and slows down attackers.
This represents a change to OpenBMC default security settings,
specifically the AccountService schema properties AccountLockoutDuration
and AccountLockoutThreshold. This related to the D-Bus settings
described here:
https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/User/README.md
Please take a look.
https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/27527
- Joseph
More information about the openbmc
mailing list