Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Telnet permission for other then root users in HP-UNIX
Operating Systems HP-UX Telnet permission for other then root users in HP-UNIX Post 302370804 by vbe on Thursday 12th of November 2009 12:29:35 PM
Old 11-12-2009
when you create a new account, whar does the new line look like in /etc/passwd?
Does your application create also a (correct...) home directory?
When you say telnet the server, you mean from elsewhere to this HP server right?
 

10 More Discussions You Might Find Interesting

1. Linux

Can Telnet in Linux 8.0 be restricted for users

Hi, I want to create a user and allow its to be able to have telnet session like what you have in the ftp allow and deny. Is this possible Thanx. (3 Replies)
Discussion started by: kayode
3 Replies

2. UNIX for Dummies Questions & Answers

Root cannot change /home permission

Folks; I'm a root but i couldn't change /home directory permission or group. i'm getting operation not permitted. Any help? (6 Replies)
Discussion started by: moe2266
6 Replies

3. UNIX for Advanced & Expert Users

about the access permission of users home directory

RHEL5.0 As we know, when root create a new user, a new home directory will be created : /home/user I want to know what determine the access permission of /home/user . Thanks! (1 Reply)
Discussion started by: cqlouis
1 Replies

4. Programming

Debugging in eclipse with root permission

Hi, I've been working on a project that needs to be run as root user. however when I want to debug it in eclipse, I can't run it as root user. currently, I'm debugging with GDB in root. Is there a solution for this ?, because I don't find the solution of running eclipse as root a good solution.... (4 Replies)
Discussion started by: mellowcandle
4 Replies

5. Shell Programming and Scripting

enabling telnet for some users

dear all telnet on our server is disabled for security reasons , if we want to allow telnet for some users , ( maybe 1 or 2 to be able to telnet ) is their any way to do that ?? does anyone have any ideas ? thanks (3 Replies)
Discussion started by: semaan
3 Replies

6. UNIX for Dummies Questions & Answers

Sudo to delegate permission from non-root user to another non-root user

I've been through many threads before i decide to create a separate thread. I can't really find the solution to my (simple) problem. Here's what I'm trying to achieve: As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user. The only to achieve this is to... (1 Reply)
Discussion started by: canar
1 Replies

7. Solaris

User want to full root permission

hi guys.. how to give root permission for particular user tel me step by step (2 Replies)
Discussion started by: coolboys
2 Replies

8. UNIX for Advanced & Expert Users

Permission inherited by users

Hi Felas I am running Fedora and have this issue on my system: I have the following users: jane:x:552:100::/usr1/users/jane:/bin/bash jules:x:553:100::/usr1/users/jules:/bin/bash I have the following group which all users belong to: lab:x:100:root,jules,jane I have the... (4 Replies)
Discussion started by: ndaka123488
4 Replies

9. Shell Programming and Scripting

Find users with root UID or GID or root home

I need to list users in /etc/passwd with root's GID or UID or /root as home directory If we have these entries in /etc/passwd root:x:0:0:root:/root:/bin/bash rootgooduser1:x:100:100::/home/gooduser1:/bin/bash baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies

10. AIX

Telnet sessions stay as idle users

Hi The telnet sessions stay as idle users. It is not getting kicked out. Please advise what could be the issue. only when we reboot the server these telnet sessions goes. Below is the current output from the server. we rebooted the server three days ago: pmut6:/> uptime 04:21PM... (8 Replies)
Discussion started by: newtoaixos
8 Replies

LEARN ABOUT OPENDARWIN

krb5_auth_rules

krb5_auth_rules(5)                                      Standards, Environments, and Macros                                     krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a  user  uses  kerberized  versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain  a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

         o  The user part of the authenticated principal name is the same as the target account name specified by the client.

         o  The realm part of the client and server are the same.

         o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even  if
       jdb  is  a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10                                                          13 Apr 2004                                                 krb5_auth_rules(5)
All times are GMT -4. The time now is 02:08 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy