Records an unsuccessful login attempt.
Security Library (libc.a)
#include <usersec.h>
int loginfailed ( User, Host, Tty, Reason)
char *User;
char *Host;
char *Tty;
int Reason;
The loginfailed subroutine performs the processing necessary when an unsuccessful login attempt occurs. If the specified user name is not valid, the UNKNOWN_USER value is substituted for the user name. This substitution prevents passwords entered as the user name from appearing on screen.
The following attributes in /etc/security/lastlog file are updated for the specified user, if the user name is valid:
A login failure audit record is cut to indicate that an unsuccessful login attempt occurred. A utmp entry is appended to /etc/security/failedlogin file, which tracks all failed login attempts.
If the current unsuccessful login and the previously recorded unsuccessful logins constitute too many unsuccessful login attempts within too short of a time period (as specified by the logindisable and logininterval port attributes), the port is locked. When a port is locked, a PORT_Locked audit record is written to inform the system administrator that the port has been locked.
If the login retry delay is enabled (as specified by the logindelay port attribute), a sleep occurs before this subroutine returns. The length of the sleep (in seconds) is determined by the logindelay value multiplied by the number of unsuccessful login attempts that occurred in this process.
Access Control: The calling process must have access to the account information in the user database and the port information in the port database.
File Accessed:
Mode | File |
---|---|
r | /etc/security/user |
rw | /etc/security/lastlog |
r | /etc/security/login.cfg |
rw | /etc/security/portlog |
w | /etc/security/failedlogin |
Auditing Events:
Event | Information |
---|---|
USER_Login | username |
PORT_Locked | portname |
Upon successful completion, the loginfailed subroutine returns a value of 0. If an error occurs, a value of -1 is returned and errno is set to indicate the error.
The loginfailed subroutine fails if one or more of the following values is true:
EACCES | The current process does not have access to the user or port database. |
EPERM | The current process does not have permission to write an audit record. |
The authenticate (authenticate Subroutine) subroutine, getpcred (getpcred Subroutine) subroutine, getpenv (getpenv Subroutine) subroutine, loginrestrictions (loginrestrictions Subroutine) subroutine, loginsuccess (loginsuccess Subroutine) subroutine, setpcred subroutine, setpenv subroutine.
List of Security and Auditing Services in AIX 5L Version 5.2 General Programming Concepts: Writing and Debugging Programs.
Subroutines Overview in AIX 5L Version 5.2 General Programming Concepts: Writing and Debugging Programs.