
How do I enable account locking after 3 failed attempts in Solaris 10?

Account lockouts in Solaris 10 can be configured per user in the /etc/user_attr file. Each user listed in the /etc/user_attr file can have an attribute defined called lock_after_retries. For a description of the format of this file, review the user_attr man page. By default, this value is set to no.

To configure account lockout for a specific user, add the lock_after_retries attribute with a value of yes.

Below is an example for the user jsmith.

jsmith::::type=normal;profiles=FOO Security Management;roles=secadm

To enable account lockout, simply change the above line to:

jsmith::::type=normal;profiles=FOO Security Management;roles=secadm;lock_after_retries=yes

The number of consecutive failed authentication attempts that triggers the lockout is set by the RETRIES parameter in the /etc/default/login file. By default, this parameter is set to 5. You can customize this parameter based on your local needs and policy. By default, the Solaris Security Toolkit will set the RETRIES parameter to 3.
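To check the result of both settings together, the following added example (not part of the original post) lists the accounts that still lack lock_after_retries=yes and reports the RETRIES value in effect. The function names and the sample entries in demo() are constructed for illustration, and the parser assumes attribute values contain no colon.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample data in demo() are constructed for illustration.

# List users in a user_attr-format file whose attr field (5th colon-separated
# field) lacks lock_after_retries=yes. Assumes attribute values contain no ':'.
users_without_lockout() {
    awk -F: '
        /^#/ || NF < 5 { next }            # skip comments and short lines
        {
            locked = 0
            n = split($5, kv, ";")         # attr field is key=value;key=value
            for (i = 1; i <= n; i++)
                if (kv[i] == "lock_after_retries=yes") locked = 1
            if (!locked) print $1
        }' "$1"
}

# Print the RETRIES value from a default/login-format file. A commented-out
# or missing entry falls back to 5, the default the post states.
effective_retries() {
    v=`awk -F= '$1 == "RETRIES" { v = $2 } END { print v }' "$1"`
    echo "${v:-5}"
}

demo() {
    d=`mktemp -d` || return 1
    cat > "$d/user_attr" <<'EOF'
# constructed sample entries
jsmith::::type=normal;profiles=FOO Security Management;roles=secadm
adoe::::type=normal;lock_after_retries=yes
root::::auths=solaris.*;lock_after_retries=no
EOF
    echo 'RETRIES=3' > "$d/login"
    r=`effective_retries "$d/login"`
    echo "lockout threshold: $r failed attempts"
    echo "accounts that will NOT lock:"
    users_without_lockout "$d/user_attr" | sed 's/^/  /'
    rm -rf "$d"
}

demo
```

On a real host, call the two functions with /etc/user_attr and /etc/default/login instead of the sample files.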
