|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
How to enable a disabled Unix account on HP-UX
Post 70164 by kajap on Tuesday 26th of April 2005 01:26:22 PM
04-26-2005
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi Every one
I disable the root account entering wrong password for many time
How can I enable the root account
I am using Tru64 Unix V4.0G
Thank you (2 Replies)
Discussion started by: Syed_45
2 Replies
2. UNIX for Dummies Questions & Answers
now, HP can be very annoying when your coming off of a solaris box. anyway, i needed to change a password for a user who was on an HP machine. Changing the password was no problem but getting the user to log on with the new password was the problem.
the user kept getting "account disabled"... (1 Reply)
Discussion started by: TRUEST
1 Replies
3. HP-UX
Hi, hope someone could help me here:
Our root account was disabled on our production server this morning and usually we would login at the console to re-enable the account. However we are unable to get a login prompt at the console. The console displays the 8 options along the bottom and a... (2 Replies)
Discussion started by: AaronC
2 Replies
4. AIX
With an account that uses "Login AUTHENTICATION GRAMMAR" = "LDAP", I get this when trying to enable 16 MB page support:
-bash-3.00# chuser capabilities=CAP_BYPASS_RAC_VMM,CAP_PROPAGATE trbld
Error changing "capabilities" to "CAP_BYPASS_RAC_VMM,CAP_PROPAGATE" : Value is invalid.
I also tried... (1 Reply)
Discussion started by: mdyeager
1 Replies
5. HP-UX
I frequently rexec into a remote box to run a job, occaisionally I get the the error message "rexecd: Account Disabled" and in the remote box syslog I see "rexecd: PAM - status 28 PAM error message: account is disabled". After a 1/2 hour or so the problem goes away. Anyone shed any light on... (0 Replies)
Discussion started by: CBorgia
0 Replies
6. HP-UX
Hi.
I have an issue with root account. System doesn't let me to log on, because accound is disabled/locked.
This problem since I have converted passwords file to data base using SAM.
I didn't change user's parameters.
Somebody knows how can i enable my root account back? (14 Replies)
Discussion started by: netwalker
14 Replies
7. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies
8. UNIX for Advanced & Expert Users
Hi
I added a new user using root... now i need to enable sqlplus for that particular user... when i give sqlplus schemaname/pwd it gives
$ sqlplus
-bash: sqlplus: command not found
PFB the OS am using
$ uname -a
Linux gs-portal-04 2.4.21-57.ELsmp #1 SMP Wed Apr 23... (4 Replies)
Discussion started by: Whiteboard
4 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I have PC with Linux OS RHEL3 and USB port is disabled from BIOS. BIOS access is protected using password. But, I have root access. Now, how can I enable USB port using root access? Is there any trick that I can do using root access that can enable USB port once my PC has booted up? (3 Replies)
Discussion started by: gydave
3 Replies
10. SCO
SCO 5.0.7 server on an HP Proliant ML350G5 with E200 raid controller.
The message on the server during boot says this message in several places. "Root Account Disabled, but allowing entry via deamon"
At this point, there are some hardware issues to work through first. One is that we don't... (2 Replies)
Discussion started by: cjdavis618
2 Replies
LEARN ABOUT OPENSOLARIS
krb5_auth_rules
krb5_auth_rules(5) Standards, Environments, and Macros krb5_auth_rules(5) NAME
krb5_auth_rules - overview of Kerberos V5 authorization DESCRIPTION
When kerberized versions of the ftp, rdist, rcp, rlogin, rsh, telnet, or ssh clients are used to connect to a server, the identity of the originating user must be authenticated to the Kerberos V5 authentication system. Account access can then be authorized if appropriate entries exist in the ~/.k5login file, the gsscred table, or if the default GSS/Kerberos authentication rules successfully map the Kerberos principal name to Unix login name. To avoid security problems, the ~/.k5login file must be owned by the remote user on the server the client is attempting to access. The file should contain a private authorization list comprised of Kerberos principal names of the form principal/instance@realm. The /instance vari- able is optional in Kerberos principal names. For example, different principal names such as jdb@ENG.ACME.COM and jdb/happy.eng.acme.com@ENG.ACME.COM would each be legal, though not equivalent, Kerberos principals. The client is granted access if the ~/.k5login file is located in the login directory of the remote user account and if the originating user can be authenticated to one of the principals named in the file. See gkadmin(1M) and kadm5.acl(4) for more information on Kerberos principal names. When no ~/.k5login file is found in the remote user's login account, the Kerberos V5 principal name associated with the originating user is checked against the gsscred table. If a gsscred table exists and the principal name is matched in the table, access is granted if the Unix user ID listed in the table corresponds to the user account the client is attempting to access. If the Unix user ID does not match, access is denied. See gsscred(1M). For example, an originating user listed in the gsscred table with the principal name jdb@ENG.ACME.COM and the uid 23154 is granted access to the jdb-user account if 23154 is also the uid of jdb-user listed in the user account database. See passwd(4). Finally, if there is no ~/.k5login file and the Kerberos V5 identity of the originating user is not in the gsscred table, or if the gsscred table does not exist, the client is granted access to the account under the following conditions (default GSS/Kerberos auth rules): o The user part of the authenticated principal name is the same as the Unix account name specified by the client. o The realm part of the client and server are the same, unless the krb5.conf(4) auth_to_local_realm parameter is used to create equivalence. o The Unix account name exists on the server. For example, if the originating user has the principal name jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, the client would be denied access even if jdb is a valid account name on the server. This is because the realms SALES.ACME.COM and ENG.ACME.COM differ. The krb5.conf(4) auth_to_local_realm parameter also affects authorization. Non-default realms can be equated with the default realm for authenticated name-to-local name mapping. FILES
~/.k5login Per user-account authorization file. /etc/passwd System account file. This information may also be in a directory service. See passwd(4). ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gkadmin(1M), gsscred(1M), kadm5.acl(4), krb5.conf(4), passwd(4), attributes(5), gss_auth_rules(5) SunOS 5.11 07 Apr 2006 krb5_auth_rules(5)