Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Direct/scsu access to unix account
Operating Systems Solaris Direct/scsu access to unix account Post 302423538 by runnerpaul on Friday 21st of May 2010 09:00:41 AM
Old 05-21-2010
Excellet. Thats exactly what I need.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Account access

I have a lot of users that I think are no longer using their acocunts. What I want to do is see when they lasted logged in. I have tried LAST and FINGER but they do not seem to have the information I need. All help much appreciated. (2 Replies)
Discussion started by: yearntolearn
2 Replies

2. Programming

Direct disk access

Is there any way to write to disk sector by sector, without any files, filesystems etc. I did that in DOS, but that was DOS. (3 Replies)
Discussion started by: Lopatonosec
3 Replies

3. UNIX for Dummies Questions & Answers

Change other account password from root access

Hi, I have forgotten my personal account password but I still have the root access to the box. Please tell me how can I change my other account password by logging as root. Thanks. Rakesh :D (4 Replies)
Discussion started by: rakeshou
4 Replies

4. Shell Programming and Scripting

how i can make one ip access to ftp account and deny others

HI I want to make only one IP can access to ftp acount in cpanel or by shell can any body help me ? (1 Reply)
Discussion started by: elkadrey
1 Replies

5. Solaris

Restricting access to functional database account through unix

Hi, At present there is a functional database account which can be accessed when logging in through a unix server. At present it can be accessed through from any UNIX account on this server. Is there any way of restricting it so it can only be accessed through a functional unix account but only... (2 Replies)
Discussion started by: runnerpaul
2 Replies

6. AIX

Disabling SSH direct access for an AIX user

Hello everyone, Can anyone help me please. I want to disable SSH direct access for an AIX user. For example, if I have USER1 and USER2. I want to disactivate direct access for USER2. The user must enter his login (USER1) and his password and then he can do su - USER2 . Thanks, (3 Replies)
Discussion started by: adilyos
3 Replies

7. Shell Programming and Scripting

Manipulating sed Direct Input to Direct Output

Hi guys, been scratching round the forums and my mountain of resources. Maybe I havn't read deep enough My question is not how sed edits a stream and outputs it to a file, rather something like this below: I have a .txt with some text in it :rolleyes: abc:123:xyz 123:abc:987... (7 Replies)
Discussion started by: the0nion
7 Replies

8. Forum Support Area for Unregistered Users & Account Problems

Cannot access my account

Whenever i try to log in i can enter my username (bakunin) and password but am redirected to an error screen showing an SQL error: Database error in vBulletin 3.8.4: Invalid SQL: UPDATE user SET country_iso2=DE WHERE userid=41441; MySQL Error : Unknown column 'DE' in 'field list' Error... (1 Reply)
Discussion started by: aka-bakunin
1 Replies

9. AIX

Procedure to restrict direct access as root

Hello, I would like to confirm whether the below procedure is correct. disabled direct super user access on AIX server using below procedure. Please let me know if there is any additional step. 1) confirm the access to HMC, console to reach the LPARs 2) chuser rlogin=false root ... (3 Replies)
Discussion started by: dio34
3 Replies

10. UNIX for Advanced & Expert Users

Restrict service account from direct interactive sessions

Environment: CentOS 7 I would like to have a solution where a service account can access a server in only these ways: ssh non-interactively via password or ssh key; that is, run commands or scripts (but running anything in /etc/shells will not be allowed) not ssh interactively regular... (2 Replies)
Discussion started by: bgstack15
2 Replies

LEARN ABOUT OPENDARWIN

krb5_auth_rules

krb5_auth_rules(5)                                      Standards, Environments, and Macros                                     krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a  user  uses  kerberized  versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain  a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

         o  The user part of the authenticated principal name is the same as the target account name specified by the client.

         o  The realm part of the client and server are the same.

         o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even  if
       jdb  is  a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10                                                          13 Apr 2004                                                 krb5_auth_rules(5)
All times are GMT -4. The time now is 01:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy