Let me add some more information to my original message, my user account
is not actually locked out of the system (when I use dxaccounts my
account is active) just not able to establish a FTP session. I can
telnet to the systems so my account works. Other accounts set up on the
system work fine for both telnet and ftp. If I try to ftp to one of the
systems with another id from my system telnet will work but ftp will not
because the system is not only blocking my account from being able to
ftp to the system but also any id from my system. Any other id from
another system can telnet and ftp to the system without problem. If I
use a different id from a different system more than 3 times with an
incorrect password then that system and user id will not be able to ftp
into the Tru64 system and using dxaccounts will show the account still
active. I believe this has something to do with C2 security since I can
change back over to the ftp daemon that comes with the OS and I can ftp
in.
Original Question:
I have built 3 ftp servers for our company using Alphaserver 300's and
Tru64 4.0f w/ PatchKit 1. The only software installed on the system
outside the OS is ProFTP and TCP wrappers. C2 security has been enabled.
TCP Wrappers are allowing Telnet requests from internal ip's only and
ftp request from any site. To insure that I installed the software
correctly I was doing test FTP and Telnet sessions from my workstation.
On two of the systems I had too many attempts to FTP into the system and
they will not allow my User ID or any ID from my workstation to create a
FTP session. I can telnet to all three systems without a problem and
anyone else can ftp to any of the systems that are allowed. Therefore I
relize that there is somekind of lock on not only my ID but also my
workstation IP/DNS name just for FTP sessions. Does anyone have a clue
where I can go to clear this situation up. I also relize this will be
handy to know down the road when some user forgets his password and has
too many incorrect login attempts and gets locked out of the system.
Joe Ryals
UNIX Systems Administrator
Received on Mon Jan 31 2000 - 19:09:52 NZDT