Native “three strikes” password lockout is something that has only recently been added to Solaris 10, and that only in response to customer demand.
This is because modern security geeks (myself included) tend to view “three-strikes” as a horrible, complicated, messy, stupid security risk, irrespective of the number of stuck-in-the-1980s VAX-VMS-based / IBM-mainframe-based customer security operations documents that demand it.
The problems of “three-strikes” in the modern enterprise environment are legion…
Article continues on my webpage at [blogs.sun.com]