[BlueOnyx:12872] Re: Renaming user accounts
Eric Peabody
admin at bnserve.com
Wed Apr 17 08:27:39 -05 2013
Chris,
You are right that pam_abl will help prevent the attacker from
successfully guessing the password. But the problem is that pam_abl
locks the accounts when the attacks are running, preventing the
legitimate users from accessing their accounts. Changing the user name
associated with the email address has significantly reduced the
unauthorized activity's interference with legitimate operations.
We create new accounts with more obscure user names but there are a few
old ones that have repeatedly been locked.
Eric
On 4/17/13 8:02 AM, Chris Gebhardt - VIRTBIZ Internet wrote:
> Hi Eric,
> On 4/17/2013 7:55 AM, Eric Peabody wrote:
>> Or is it recommended to create a second account, copy the data from the
>> old home directory to the new? That might be simpler in the end.
> Yes. That way. ;)
>
> Or... just make sure that you have good strong passwords on all the
> accounts and lock out attackers with pam_abl. That has worked for a
> long, long time for us. Ever since 5106R was first implemented (and we
> were an early adopter!)
>
More information about the Blueonyx
mailing list