12-14-2015
There are many ways. Perhaps the best way, if not correct way is to use PAM. Most distro provided services are PAM enabled, and you can certainly create your own PAM enabled services as well.
With PAM you effectively stack these types of requirements.
Linux has probably the most robust selection of PAM modules available. But PAM started with Solaris. And PAM is available on HP-UX and AIX as well.
This User Gave Thanks to cjcox For This Post:
9 More Discussions You Might Find Interesting
1. Windows & DOS: Issues & Discussions
I am not an expert in Unix at all. My knowledge of Unix is average. We have a couple of Unix servers, Solaris and Linux, which run mostly web servers, and Oracle databases. Currently users have multiple user IDs for Unix and AD applications. Is it possible to make use of the Windows Active... (2 Replies)
Discussion started by: speriya
2 Replies
2. Shell Programming and Scripting
Is there a command or better combination of cmds that will give me the list of Unix users in a particular Unix group whether their primary group is that group in question (information stored in /etc/passwd) or they are in a secondary group (information stored in /etc/group).
So far all I got... (5 Replies)
Discussion started by: ckmehta
5 Replies
3. Solaris
I am using solaris unix 8.2 version. I want to bypass password authentication for sftp. Can you please give some ideas on this. thanks.Regards. (4 Replies)
Discussion started by: vijill
4 Replies
4. Web Development
My .NET website invokes a perl script to perform GIT operations on Gerrit server running UBuntu. In the perl script I connect using passwordless authentication to Gerrit server as below:
system ( "ssh gitadmin@gerritserver.com 'cd /xyz && git clone xxx' ");
I verified that ssh authentication... (3 Replies)
Discussion started by: tkota
3 Replies
5. AIX
We are looking at using Tivoli Directory Server (LDAP) or Active Directory 2003 for authentication. I wanted to get some feedback from the community. Our goal is to do it the simplest, easiest, and cheapest way that allows for centralized user authentication. We are mainly an AIX environment with... (3 Replies)
Discussion started by: x96riley3
3 Replies
6. UNIX and Linux Applications
Hi,
We are looking for UNIX and Linux authentication middleware/tools which can replace our existing RSA SecurID - Two-Factor Authentication. Any suggestions or recommendations.
Thanks,
Gabar (2 Replies)
Discussion started by: Gabar Singh
2 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I was wondering if someone may be able to help me with finding out the different *nix logon types.
The different logon types for a Successful Logon event type in Windows (4624) is well documented both on the M$ site and also on many tech related sites, listing the different logon types... (6 Replies)
Discussion started by: urhero
6 Replies
8. Cybersecurity
Hello,
We have mid level infrastructure of all on-premises servers. All windows servers are getting authenticated by Microsoft Active Directory Services, half Unix (Solaris+Linux) servers are getting authentication by NIS and other half by LDAP.
We have plans to migrate from NIS to LDAP, so... (2 Replies)
Discussion started by: solaris_1977
2 Replies
9. Cybersecurity
The UNIX/Linux server security is challenging because these servers are at a risk of getting compromised at any point of time by the attackers. In today's enterprise environment, the UNIX and Linux servers are growing popular. With their increased popularity, these servers have become the primary... (1 Reply)
Discussion started by: reve-secure
1 Replies
LOGIN(1) BSD General Commands Manual LOGIN(1)
NAME
login -- log into the computer
SYNOPSIS
login [-pq] [-h hostname] [user]
login -f [-lpq] [-h hostname] [user [prog [args...]]]
DESCRIPTION
The login utility logs users (and pseudo-users) into the computer system.
If no user is specified, or if a user is specified and authentication of the user fails, login prompts for a user name. Authentication of
users is configurable via pam(8). Password authentication is the default.
The following options are available:
-f When a user name is specified, this option indicates that proper authentication has already been done and that no password need be
requested. This option may only be used by the super-user or when an already logged in user is logging in as themselves.
With the -f option, an alternate program (and any arguments) may be run instead of the user's default shell. The program and argu-
ments follows the user name.
-h Specify the host from which the connection was received. It is used by various daemons such as telnetd(8). This option may only be
used by the super-user.
-l Tells the program executed by login that this is not a login session (by convention, a login session is signalled to the program with
a hyphen as the first character of argv[0]; this option disables that), and prevents it from chdir(2)ing to the user's home direc-
tory. The default is to add the hyphen (this is a login session).
-p By default, login discards any previous environment. The -p option disables this behavior.
-q This forces quiet logins, as if a .hushlogin is present.
If the file /etc/nologin exists, login dislays its contents to the user and exits. This is used by shutdown(8) to prevent users from logging
in when the system is about to go down.
Immediately after logging a user in, login displays the system copyright notice, the date and time the user last logged in, the message of
the day as well as other information. If the file .hushlogin exists in the user's home directory, all of these messages are suppressed. -q
is specified, all of these messages are suppressed. This is to simplify logins for non-human users, such as uucp(1). login then records an
entry in utmpx(5) and the like, and executes the user's command interpreter (or the program specified on the command line if -f is speci-
fied).
The login utility enters information into the environment (see environ(7)) specifying the user's home directory (HOME), command interpreter
(SHELL), search path (PATH), terminal type (TERM) and user name (both LOGNAME and USER).
Some shells may provide a builtin login command which is similar or identical to this utility. Consult the builtin(1) manual page.
The login utility will submit an audit record when login succeeds or fails. Failure to determine the current auditing state will result in
an error exit from login.
FILES
/etc/motd message-of-the-day
/etc/nologin disallows logins
/var/run/utmpx current logins
/var/mail/user system mailboxes
.hushlogin makes login quieter
/etc/pam.d/login pam(8) configuration file
/etc/security/audit_user
user flags for auditing
/etc/security/audit_control
global flags for auditing
SEE ALSO
builtin(1), chpass(1), newgrp(1), passwd(1), rlogin(1), getpass(3), utmpx(5), environ(7)
HISTORY
A login utility appeared in Version 6 AT&T UNIX.
BSD
September 13, 2006 BSD