22 Dec
2010
22 Dec
'10
9:24 p.m.
hey list
I'm doing a PCI audit for my company. One of the requirements is to specify a lockout duration of 30 minutes after 6 failed login attempts:
For a sample of system components, obtain and insp 8.5.14 rd parameters system configuration settings to verify that passwo ed out, it are set to require that once a user account is lock a system remains locked for a minimum of 30 minutes or until administrator resets the account
I'm pretty sure this is a pam thing but does anyone know how this can best be achieved?
thanks!
--
GPG me!!
gpg --keyserver pgp.mit.edu --recv-keys F186197B