Proposal: lock out a user account for 5 minutes after 5 failures

Joseph Reynolds jrey at linux.ibm.com
Thu Dec 5 02:49:03 AEDT 2019


I've pushed a code review to change Linux-PAM defaults to lock out a 
user account for 5 minutes after 5 failed login attempts.  This gives 
legitimate users the access they need and slows down attackers.

This represents a change to OpenBMC default security settings, 
specifically the AccountService schema properties AccountLockoutDuration 
and AccountLockoutThreshold.  This is related to the D-Bus settings 
described here: 
https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/User/README.md

Please take a look.
https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/27527

- Joseph


