Debian: user is not locked after 5 consecutive failed login

Bug #1977876 reported by Andy
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: Low
Assigned to: Andy

Bug Description

Brief Description
-----------------
After 5 sysadmin user login failures with an incorrect password on the console window, the user was not locked out. The user was able to log in immediately afterwards with the correct password.

Severity
--------
<Minor: System/Feature is usable with minor issue>

Steps to Reproduce
------------------
1. Install Debian Simplex system
2. Keep the console open and try to log in as sysadmin with the wrong password more than 5 times, then try the correct password to verify whether the user was locked out.

Expected Behavior
------------------
The user is locked for 5 mins after the 5 failed login attempts.

Actual Behavior
----------------
The user can log in with the correct password right after the 5 failed logins.

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
STX master latest.

Last Pass
---------
Unknown

Timestamp/Logs
--------------
See steps to reproduce.

Test Activity
-------------
Regression Testing

Workaround
----------
N/A

Andy (andy.wrs)
Changed in starlingx:
assignee: nobody → Andy (andy.wrs)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config-files (master)
Changed in starlingx:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to config-files (master)

Reviewed: https://review.opendev.org/c/starlingx/config-files/+/845295
Committed: https://opendev.org/starlingx/config-files/commit/0adac8de84a01ad32aeec4244f3221fa7076a682
Submitter: "Zuul (22348)"
Branch: master

commit 0adac8de84a01ad32aeec4244f3221fa7076a682
Author: Andy Ning <email address hidden>
Date: Mon Jun 6 09:32:57 2022 -0400

    Debian lockout user after 5 consecutive failed login

    Current pam configuration allows user to login with correct
    password right after 5 consecutive failed attempts. This change
    updated pam configuration to ensure a lockout of the user for
    5 mins after the 5 failed login.

    Test Plan on Debian:
    PASS: OS user lockout for 5 mins after 5 failed login attempts on
          console.
    PASS: OS user lockout for 5 mins after 5 failed login attempts on
          ssh.
    PASS: ldap user lockout for 5 mins after 5 failed login attempts on
          console.
    PASS: ldap user lockout for 5 mins after 5 failed login attempts on
          ssh.

    Closes-Bug: 1977876
    Signed-off-by: Andy Ning <email address hidden>
    Change-Id: I46b0bae1f6fb902318768a777855b09c938e4221

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.7.0 stx.debian stx.security
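
The commit message describes the fix only as a PAM configuration change, and the page does not show the configuration itself. As an added example (not the StarlingX change or project code), the checker below assumes the lockout is implemented with pam_faillock with its options written on the PAM lines, and audits an auth stack for the 5-failure, 5-minute lockout this bug expects; both sample stacks are constructed.

```python
import re

# Assumption: pam_faillock, options on the PAM line (faillock.conf is not read).
RULE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (type, control, module, args) per rule; comments and @include are skipped."""
    lines = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    return [(m[1], m[2], m[3], m[4].split()) for m in map(RULE.match, lines) if m]

def audit_lockout(text, deny=5, unlock_time=300):
    """Return findings; an empty list means 5 failures lock the user for 300 s."""
    rules = parse_pam(text)
    auth = [r for r in rules if r[0] == "auth"]
    def first(module, flag=None):
        hits = [i for i, r in enumerate(auth) if r[2] == module and (flag is None or flag in r[3])]
        return hits[0] if hits else None
    unix = first("pam_unix.so")
    pre, fail = first("pam_faillock.so", "preauth"), first("pam_faillock.so", "authfail")
    findings = []
    if pre is None or (unix is not None and pre > unix):
        findings.append("preauth missing or after pam_unix: a locked user is never refused")
    if fail is None or (unix is not None and fail < unix):
        findings.append("authfail missing or before pam_unix: failures are never counted")
    for _, _, module, args in auth:
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        if module == "pam_faillock.so" and ("preauth" in args or "authfail" in args):
            for key, want in (("deny", deny), ("unlock_time", unlock_time)):
                if opts.get(key) != str(want):
                    findings.append(f"{key}={opts.get(key)} on a pam_faillock line, expected {want}")
    resets = first("pam_faillock.so", "authsucc") is not None or any(
        r[0] == "account" and r[2] == "pam_faillock.so" for r in rules)
    if not resets:
        findings.append("no authsucc or account pam_faillock: the counter is not reset on success")
    return findings

# Constructed sample stacks (not StarlingX's files).
WEAK = "auth [success=1 default=ignore] pam_unix.so nullok\nauth requisite pam_deny.so\n"
HARDENED = """
auth required pam_faillock.so preauth silent deny=5 unlock_time=300
auth [success=1 default=ignore] pam_unix.so nullok
auth [default=die] pam_faillock.so authfail deny=5 unlock_time=300
auth sufficient pam_faillock.so authsucc deny=5 unlock_time=300
account required pam_faillock.so
"""

if __name__ == "__main__":
    print({"weak": audit_lockout(WEAK), "hardened": audit_lockout(HARDENED)})
```

An empty result for a stack only shows the configuration is shaped correctly; the console and ssh tests listed in the commit's test plan remain the behavioural check.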