Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Doubt User Log
Top Forums UNIX for Dummies Questions & Answers Doubt User Log Post 302171431 by DyDyLc on Thursday 28th of February 2008 12:49:04 PM
Old 02-28-2008
Hi,

The ERP Baan users conect using a BW client, and this client use a bshell connection with Unix server. The folders were on Unix Server and they use Unix authentication. I need to know how long ago the user didn't log or access the server or folder, because I would like to elimitate "ghost" users.

thanks a lot.... Smilie
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

User log in info

Hi, I am using SunOS and HP-UX. I am trying to removed user that has not been using the system for a period of time. Is there anyway to find out how long since the last time the user logged on. I know there is command "last" that read from the file /etc/wtmp that hold some of information. ... (1 Reply)
Discussion started by: vtran4270
1 Replies

2. Shell Programming and Scripting

log out user in script

Hi, I have a script giving option to allow user who run the script log out the server. I used 'exit' when user chose this option. But it didn't work the way I wanted. It only exit the program not the machine. I used 'logout' after 'exit'. Still not working. Anyone has some ideas? Thanks!!! (6 Replies)
Discussion started by: whatisthis
6 Replies

3. AIX

Log-Off a user

Hi everybody, First, Is the command who show all the users connected to my system? Is it equivalent to the commands last |grep still. Second, How I can log-off a specific user? Note: My system is AIX 4.3 (3 Replies)
Discussion started by: aldowsary
3 Replies

4. UNIX for Advanced & Expert Users

doubt regarding user password expiry in unix

I want to know the command through which we can know the expiry date of the password. I tried chage but it is not working on my system please provide necessary information I am not using root I need info on user level (2 Replies)
Discussion started by: irshad
2 Replies

5. UNIX for Dummies Questions & Answers

Doubt over Uid and User name.

Hi, I know the uid and I wan to know the user name the uid belongs to. How can I get it. Suppose My user name is ssnayak and coresponding uid is 1110 Similarly I know one uid 1212 and how can I come to know the user name for this uid. Thanks & Regards, Siba (3 Replies)
Discussion started by: siba.s.nayak
3 Replies

6. HP-UX

HP - New user who cant log on

Hi, Please could you tell me how I can create a new user account on HP-UX who can only sign-on from the console ? Thanks (4 Replies)
Discussion started by: catheram
4 Replies

7. Solaris

New user can not log in

Recently I created new user because I don not wont to use root account as default but when I want to login I can choose Java desktop and after few seconds , system returns me back to login screnn , only root account woks fine (16 Replies)
Discussion started by: microbot
16 Replies

8. Shell Programming and Scripting

User last log

I need know when user was loged last time? So when my user log in his account he will see welcom message: Hello username. Today is: date. Last time You loged on : date. I tried to use comand lastlog -u username but it shows me time from few seconds ago. I need logging one before. ... (1 Reply)
Discussion started by: Budrys
1 Replies

9. Shell Programming and Scripting

Log all the commands input by user at real time in /var/log/messages

Below is my script to log all the command input by any user to /var/log/messages. But I cant achieve the desired output that i want. PLease see below. function log2syslog { declare COMMAND COMMAND=$(fc -ln -0) logger -p local1.notice -t bash -i -- "$USER:$COMMAND" } trap... (12 Replies)
Discussion started by: invinzin21
12 Replies

LEARN ABOUT OPENSOLARIS

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - overview of Kerberos V5 authorization

DESCRIPTION

       When  kerberized  versions of the ftp, rdist, rcp, rlogin, rsh, telnet, or ssh clients are used to connect to a server, the identity of the
       originating user must be authenticated to the Kerberos V5 authentication system. Account access	can  then  be  authorized  if  appropriate
       entries	exist in the ~/.k5login file, the gsscred table, or if the default GSS/Kerberos authentication rules successfully map the Kerberos
       principal name to Unix login name.

       To avoid security problems, the ~/.k5login file must be owned by the remote user on the server the client is attempting to access. The file
       should contain a private authorization list comprised of Kerberos principal names of the form principal/instance@realm. The /instance vari-
       able  is  optional  in  Kerberos   principal   names.   For   example,	different   principal	names	such   as   jdb@ENG.ACME.COM   and
       jdb/happy.eng.acme.com@ENG.ACME.COM  would  each  be legal, though not equivalent, Kerberos principals. The client is granted access if the
       ~/.k5login file is located in the login directory of the remote user account and if the originating user can be authenticated to one of the
       principals named in the file. See gkadmin(1M) and kadm5.acl(4) for more information on Kerberos principal names.

       When no ~/.k5login file is found in the remote user's login account, the Kerberos V5 principal name associated with the originating user is
       checked against the gsscred table. If a gsscred table exists and the principal name is matched in the table, access is granted if the  Unix
       user  ID listed in the table corresponds to the user account the client is attempting to access. If the Unix user ID does not match, access
       is denied. See gsscred(1M).

       For example, an originating user listed in the gsscred table with the principal name jdb@ENG.ACME.COM and the uid 23154 is  granted  access
       to the jdb-user account if 23154 is also the uid of jdb-user listed in the user account database. See passwd(4).

       Finally, if there is no ~/.k5login file and the Kerberos V5 identity of the originating user is not in the gsscred table, or if the gsscred
       table does not exist, the client is granted access to the account under the following conditions (default GSS/Kerberos auth rules):

	   o	  The user part of the authenticated principal name is the same as the Unix account name specified by the client.

	   o	  The realm part of the client and server are the same, unless the krb5.conf(4) auth_to_local_realm parameter is  used	to  create
		  equivalence.

	   o	  The Unix account name exists on the server.

       For example, if the originating user has the principal name jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, the client would
       be denied access even if jdb is a valid account name on the server. This is because the realms SALES.ACME.COM and ENG.ACME.COM differ.

       The krb5.conf(4) auth_to_local_realm parameter also affects authorization. Non-default realms can be equated with  the  default	realm  for
       authenticated name-to-local name mapping.

FILES

       ~/.k5login     Per user-account authorization file.

       /etc/passwd    System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1),	rcp(1),  rdist(1),  rlogin(1),	rsh(1), telnet(1), gkadmin(1M), gsscred(1M), kadm5.acl(4), krb5.conf(4), passwd(4), attributes(5),
       gss_auth_rules(5)

SunOS 5.11							    07 Apr 2006 						krb5_auth_rules(5)
All times are GMT -4. The time now is 12:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy