Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

How to configure a shutdown at the xth wrong entered password?

Having an encrypted hard drive is all well and good, but chances are that if someone is gonna steal your laptop, it’s probably not going to be turned off. Most likely, it will be stolen in a powered-on state. And so your encrypted hard drive doesn’t increase your security at all since it’s currently unlocked.

This is how this blog article explains the problem and the setup on Debian.
A good solution may thus be to shutdown the device, when you have entered the wrong user-unlock password for e.g. 4 times.

However, I e.g. struggle to even find the common-auth or common-account in /etc/pam.d in my system there. Also, I guess, the article could be a little outdated or maybe not the best solution. And as I have not found this question being asked here already, I thought I'd better ask.

So in general: How do I configure an automatic shutdown after the x-th wrong entered password?

Note this is a security-requirement, so you should not e.g. not be able to cancel the shutdown. Also, it would be a little bad if you e.g. count for each user to 3, you should actually better have some global counter, so the attacker cannot switch to another user for trying their login first.

How to configure a shutdown at the xth wrong entered password?

Having an encrypted hard drive is all well and good, but chances are that if someone is gonna steal your laptop, it’s probably not going to be turned off. Most likely, it will be stolen in a powered-on state. And so your encrypted hard drive doesn’t increase your security at all since it’s currently unlocked.

This is how this blog article explains the problem and the setup on Debian.
A good solution may thus be to shutdown the device, when you have entered the wrong user-unlock password for e.g. 4 times.

However, I e.g. struggle to even find the common-auth or common-account in /etc/pam.d in my system there. Also, I guess, the article could be a little outdated or maybe not the best solution. And as I have not found this question being asked here already, I thought I'd better ask.

So in general: How do I configure an automatic shutdown after the x-th wrong entered password?

Note this is a security-requirement, so you should not e.g. not be able to cancel the shutdown. Also, it would be a little bad if you e.g. count for each user to 3, you should actually better have some global counter, so the attacker cannot switch to another user for trying their login first.


Cross-posted at StackExchange Unix.