now, HP can be very annoying when your coming off of a solaris box. anyway, i needed to change a password for a user who was on an HP machine. Changing the password was no problem but getting the user to log on with the new password was the problem.
the user kept getting "account disabled"... (1 Reply)
What do I need to do to be able to connect to an IRC server from work?
At work I'm behind a firewall that blocks all IRC connections on standard ports.
I read that I could use a shell account and set something up (which I am searching what) that I could use to connect to and tunnel my... (4 Replies)
I am writing a script which will execute commands on remote host only if they have a passwordless ssh setup. How do i check for that in my script (5 Replies)
Is it possible to SSH with an account that has its shell set to /sbin/nologin?
The reason I ask is because I am running an instance of nagios where I need to use SSH keys to run a check, but I am getting connect errors in Nagios. Also, what is the risk I run into if I just simply change my... (2 Replies)
Hello experts,
Is it possible to have an user account on RHEL 6.3 as a su-only account, but with ssh capability and no interactive login? Let me elaborate.
Say, we have a cluster of 5 RHEL 6.3 servers and an user account (strmadmin) on each of the server as an su-only... (1 Reply)
This is a warning because we just went through searching for the error for some weeks.
In many cases the managed systems (respectively their service processors) reside on their own network, together with the HMC(s) managing them. In this setup usually the HMC acts as DHCP server for the service... (0 Replies)
Environment: CentOS 7
I would like to have a solution where a service account can access a server in only these ways:
ssh non-interactively via password or ssh key; that is, run commands or scripts (but running anything in /etc/shells will not be allowed)
not ssh interactively
regular... (2 Replies)
Discussion started by: bgstack15
2 Replies
LEARN ABOUT PLAN9
pam_acct_mgmt
PAM_ACCT_MGMT(3) Linux-PAM Manual PAM_ACCT_MGMT(3)NAME
pam_acct_mgmt - PAM account validation management
SYNOPSIS
#include <security/pam_appl.h>
int pam_acct_mgmt(pam_handle_t *pamh, int flags);
DESCRIPTION
The pam_acct_mgmt function is used to determine if the users account is valid. It checks for authentication token and account expiration
and verifies access restrictions. It is typically called after the user has been authenticated.
The pamh argument is an authentication handle obtained by a prior call to pam_start(). The flags argument is the binary or of zero or more
of the following values:
PAM_SILENT
Do not emit any messages.
PAM_DISALLOW_NULL_AUTHTOK
The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token.
RETURN VALUES
PAM_ACCT_EXPIRED
User account has expired.
PAM_AUTH_ERR
Authentication failure.
PAM_NEW_AUTHTOK_REQD
The user account is valid but their authentication token is expired. The correct response to this return-value is to require that the
user satisfies the pam_chauthtok() function before obtaining service. It may not be possible for some applications to do this. In such
cases, the user should be denied access until such time as they can update their password.
PAM_PERM_DENIED
Permission denied.
PAM_SUCCESS
The authentication token was successfully updated.
PAM_USER_UNKNOWN
User unknown to password service.
SEE ALSO pam_start(3), pam_authenticate(3), pam_chauthtok(3), pam_strerror(3), pam(7)Linux-PAM Manual 06/04/2011 PAM_ACCT_MGMT(3)