04-17-2011
I really wish people would stop suggesting expect as the duct-tape universal solution to interactive login issues. They're often not doing you any favors and inviting the creation of moon-sized security holes. These utilities are designed to prevent you from using stored plaintext passwords for a reason -- it's a really bad idea.
Do what you need to do as root instead, or perhaps with sudo configured to let you and only you do this and only this one particular thing as root, in one particular way. Things shouldn't prompt you for user passwords when you're root, which prevents the need for an insecure file holding the passwords for every user on your system, in plaintext. Sheesh!
This User Gave Thanks to Corona688 For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
I can't install matlab on my new mac os X because I am not logged in as a superuser. I type su root and it doesn't take my password. It just says sorry.
Is there a way to just reset it?
Thanks,
Z (3 Replies)
Discussion started by: zitz
3 Replies
2. UNIX for Dummies Questions & Answers
I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired.
I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
Discussion started by: stringzz
1 Replies
3. UNIX for Advanced & Expert Users
Hi
We have over 100 unix servers. They include linux,solaris,aix,hp and sgi. I use telnet for some and ssh for rest. Note: none of this server has expect which i can use to update.So i am looking for expert who can help me with their script or guide me write KSH script to automate this.
Thank... (6 Replies)
Discussion started by: humaurtum
6 Replies
4. Shell Programming and Scripting
Dear All
Here is the details what i want to achieve from shell scripts
I have a sever where 5 databases are created. which i having diffrent SID's.
Now i want to execute some SQL queries on each one of the databases. (SQL Query is same).That i want to acheive via crontab
Now each one of the... (2 Replies)
Discussion started by: jhon
2 Replies
5. UNIX for Dummies Questions & Answers
Hi - I want to log commands typed by oraapps user with time into some log file on runtime.
HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history.
OS : RHEl 5.6
Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies
6. UNIX for Dummies Questions & Answers
Good day to everyone. This is my first time posting and just barely above basic Unix training. I think i have search thoroughly to ensure my question hasn't already been posted. But on the off chance the answer has been posted, please be nice as I am not 100% sure I know what I am looking for.
I... (1 Reply)
Discussion started by: Mrjester
1 Replies
7. Shell Programming and Scripting
I am working in Datastage Migration project. The applications has to be moved from legacy machines to the new machines.
all the applications will be having their own application id and password (non expiry) created in the unix (5.3). Now the scripts and the datastage applications has to be moved... (1 Reply)
Discussion started by: kmanivan82
1 Replies
8. Shell Programming and Scripting
Hi all,
I am fairly new to shell scripting and I am trying the following:
My shell script creates a tar file with files with the ending ~. The directory - where the files and sub directories are located - comes as a parameter when I call the script. Files that are archived will be written in... (1 Reply)
Discussion started by: neg42
1 Replies
9. Shell Programming and Scripting
Hi there,
In my attachment there is 'Category/Subcategory' & 'Setting'.
var=$(awk '/^Logon\/Logoff/ {P=0} P {print $0} FNR==1{printf("From file %s:\n", FILENAME)} /^System/ {P=1}' $file |grep -ia "IPsec Driver" );echo $var
As of now I am able to From File: Policies.txt IPsec... (2 Replies)
Discussion started by: alvinoo
2 Replies
10. Shell Programming and Scripting
I have been logging to 100 server everyday to test if I can login to the server.
I created a script to ssh-copy-id to every host so next time it will be password less. Now it keeps prompting me
Are you sure you want to continue connecting (yes/no)? yes
This is normal for first time login.... (2 Replies)
Discussion started by: invinzin21
2 Replies
LEARN ABOUT OSF1
login.krb5
LOGIN(8) System Manager's Manual LOGIN(8)
NAME
login.krb5 - kerberos enhanced login program
SYNOPSIS
login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]
DESCRIPTION
login.krb5 is a modification of the BSD login program which is used for two functions. It is the sub-process used by krlogind and telnetd
to initiate a user session and it is a replacement for the command-line login program which, when invoked with a password, acquires Ker-
beros tickets for the user.
login.krb5 will prompt for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This
password will be used to acquire Kerberos Version 5 tickets (if possible.) It will also attempt to run aklog to get AFS tokens for the
user. The version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting
the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally allowed (permitting use of the
machine in case of network failure.)
OPTIONS
-p preserve the current environment
-r hostname
pass hostname to rlogind. Must be the last argument.
-h hostname
pass hostname to telnetd, etc. Must be the last argument.
-f name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-F name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-e name
Perform pre-authenticated, encrypted login. Must do term negotiation.
CONFIGURATION
login.krb5 is also configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro-
vided:
krb5_get_tickets
Use password to get V5 tickets. Default value true.
krb_run_aklog
Attempt to run aklog. Default value false.
aklog_path
Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.
accept_passwd
Don't accept plaintext passwords [not yet implemented]. Default value false.
DIAGNOSTICS
All diagnostic messages are returned on the connection or tty associated with stderr.
SEE ALSO
rlogind(8), rlogin(1), telnetd(8)
LOGIN(8)