RE: [Fed-Talk] cannot change max login attempts (10.4 Server)
RE: [Fed-Talk] cannot change max login attempts (10.4 Server)
- Subject: RE: [Fed-Talk] cannot change max login attempts (10.4 Server)
- From: "Valentine, Ruth Ann B." <email@hidden>
- Date: Thu, 30 Sep 2010 13:24:27 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] cannot change max login attempts (10.4 Server)
I have had varying success with pwpolicy. Sometimes it works, sometimes it doesn't...... depends on the weather, I think. I noticed that you are not specifiying a -n (node). That may be it.
Ruth Ann Valentine
The MITRE Corp.
email@hidden
-----Original Message-----
From: fed-talk-bounces+ruthann=email@hidden [mailto:fed-talk-bounces+ruthann=email@hidden] On Behalf Of email@hidden
Sent: Thursday, September 30, 2010 12:36 PM
To: email@hidden
Subject: [Fed-Talk] cannot change max login attempts (10.4 Server)
I'm trying to set the maximum number of login attempts on my 10.4 server. I'm using a OD Master configuration.
I entered the following command:
# sudo pwpolicy -a diradmin -setglobalpolicy "usingHistory=12 canModifyPasswordforSelf=1 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=1 requiresNumeric=1 expirationDateGMT=12/31/69 hardExpireDateGMT=12/31/69 maxMinutesUntilChangePassword=86400 maxMinutesUntilDisabled=0 maxMinutesOfNonUse=86400 maxFailedLoginAttempts=5 minChars=12 maxChars=0 passwordCannotBeName=1 requiresMixedCase=1 requiresSymbol=1 newPasswordRequired=0 minutesUntilFailedLoginReset=15 notGuessablePattern=1"
Everything seemed to be set correctly except for the "maxFailedLoginAttempts=5" part. The policy still reads:
# pwpolicy -getglobalpolicy
[...] maxFailedLoginAttempts=0 [...]
I also tried using the Server Admin GUI under Open Directory, Policy, Passwords. I can check the box for the max login attempts and enter a number. After I click "Save" it reverts to unchecked and a gray, and "pwpolicy" still reports maxFailedLoginAttempts=0
Is this a known bug or limitation in 10.4, or am I doing something wrong?
--
Rob
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden