Special Forums Cybersecurity Problem with limiting logins to one in AIX 5.3 Post 302113541 by Confused_lulu on Friday 6th of April 2007 10:34:12 PM
Problem with limiting logins to one in AIX 5.3

I am migrating from 5.2 to 5.3 AIX. In previous versions of AIX, including 5.2, I've been able to limit user's logins to 1 by using the following script named Block_user:

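#!/bin/ksh
# Block_user: secondary authentication program; exit 0 allows the login, exit 1 refuses it
USER=$1
# Count who(1) lines whose login-name field is exactly $USER (a bare grep would also match longer names)
NUM=`who | grep "^$USER " | wc -l`
#The above ` is not a single quote but a back quote
if [[ $NUM -lt 1 ]]
then
    # No existing session for this user: allow the login
    exit 0
fi
echo "permission denied...$NUM is the limit of logins"
exit 1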

and changing the following

/usr/lib/security/methods.cfg - add:
auth_method
program = /usr/bin/Block_user

and

/etc/security/user, changing the default stanza to read
auth1 = SYSTEM,auth_method

This doesn't work in 5.3. The user tries to log in and receives "Invalid user or password". Removing the auth_method from /etc/security/user allows the person to log in. I've spoken with IBM and so far no one has an answer as to why it will not work. I'm hoping someone out here does?
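An added example, not part of the original post: the same per-user session count written as testable functions, with exact matching on the login-name field of who output (so sessions of lulu are not counted against lu), a configurable limit, and a deny result for an empty or malformed name. The function names, the limit argument and the sample who lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). count_sessions, login_allowed
# and substring_count are hypothetical helper names.

# Count sessions whose login-name field (first column of who output)
# equals the given name exactly. Reads who-style lines on stdin.
count_sessions() {
    awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# Return 0 (allow) when the user has fewer than <limit> sessions, 1 (deny)
# otherwise. An empty or malformed name is denied, so a missing argument
# cannot turn the check into "always allow".
login_allowed() {
    user=$1
    limit=${2:-1}
    case $user in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    num=$(count_sessions "$user")
    [ "$num" -lt "$limit" ]
}

# Constructed sample of who output: "lu" has no session, "lulu" has one.
SAMPLE_WHO='lulu        pts/0       Apr 06 22:30     (10.0.0.5)
root        pts/1       Apr 06 22:31     (10.0.0.9)
lulu2       pts/2       Apr 06 22:33     (10.0.0.7)'

# Substring matching, for comparison: counts lulu and lulu2 against "lu".
substring_count() {
    printf '%s\n' "$SAMPLE_WHO" | grep -c -- "$1"
}

demo() {
    for u in lu lulu root ''; do
        if printf '%s\n' "$SAMPLE_WHO" | login_allowed "$u" 1; then
            echo "${u:-<empty>}: allow"
        else
            echo "${u:-<empty>}: deny"
        fi
    done
}
demo
```

On a live system the input would be piped from who instead of the sample, for example `who | login_allowed "$1" 1`.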
 
