Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: forcing su on a user
Top Forums UNIX for Advanced & Expert Users forcing su on a user Post 46310 by csaunders on Tuesday 13th of January 2004 11:54:36 AM
Old 01-13-2004
forget AIX, its possibel, i just need to know how it can be done in Solaris 8 and HP-UX 11
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

forcing irq on PCMCIA card

ENV: linux Version: Mandrake 8.1, PCMCIA card: longshine lcs-8534TB. (supported according the PCMCIA docs) laptop is P-II lifetec /etc/sysconfig/pcmcia: PCMCIA=yes PCIC=i82365 ( found via probe -m ) PCIC_OPTS="cs_irq=11 pci_irq_list=11,11 do_scan=0" ( you see i want to force irq 11 )... (3 Replies)
Discussion started by: progressdll
3 Replies

2. Solaris

forcing users to su

Is there a way in solaris 9 to prevent a user to login via ssh, telnet, rlogin, and only be able to su as that user, for example have DBA joe blow login as jblow, and then su to oracle BUT not vice versa have DBA joe blow login as oralce (6 Replies)
Discussion started by: csaunders
6 Replies

3. Solaris

forcing password change every X days?

Hi, how do I go about forcing users to change their password every, say, 30 days? Aaron (1 Reply)
Discussion started by: amheck
1 Replies

4. UNIX for Dummies Questions & Answers

Forcing Makefile to Ignore Errors

Is there A way I can Force a makefile to ignore errors? i believe it is using gcc. i have a set of commands in the makefile that i want to run and each time the makefile gets to the point of this commands, it aborts because of the commands. how can i get the makefile to keep running... (3 Replies)
Discussion started by: SkySmart
3 Replies

5. Red Hat

Forcing a kernel panic in RHEL 5.4

Hello, Is there a way to force a kernel panic in RHEL 5.4 in such a way that the machine reboots after the panic. Thanks, Kanna (1 Reply)
Discussion started by: kanna_geekworkz
1 Replies

6. UNIX for Dummies Questions & Answers

AWK: Backslash \ and forcing output not to go onto new lines

Dear all, I am using Mac OSX, have been successfully written an awk script during the last days. I use the script to convert parts of a .dot-file into graphml code. First question: Backslash My .dot-code includes repeatedly the sign "\n". I would like to search for this sign and substitute... (4 Replies)
Discussion started by: ingli
4 Replies

7. Shell Programming and Scripting

Forcing a tty session but getting a password prompt?

I have a master host I want to use to issue some start/stop of LDAP services. I changed the client hosts /etc/sudoers to have Defaults:infra !requiretty The master host kicks off the jobs using the infra account doing a ssh session to the infra account on the clients. #!/bin/ksh ps -fu... (5 Replies)
Discussion started by: J-Man
5 Replies

8. Hardware

Forcing Linux to keep charging my Kindle

Linux seems to have weird USB power saving features, my Kindle 3 only gets some charge before Linux powers down the USB port. When the device is mounted, it doesn't get enough power, with this same hardware under Windows I don't get the message on the Kindle "currently your kindle is not... (2 Replies)
Discussion started by: John Tate
2 Replies

9. Shell Programming and Scripting

Forcing another user to run a shell script (su)

I'm trying to use su (as myuser) to force another user (theuser) to run a shell script (thescript.sh): su theuser -c /home/theuser/thescript.sh However I'm running this from another script, and it is asking for theuser's password. I would rather avoid displaying it in the file (using echo... (2 Replies)
Discussion started by: asdfgg
2 Replies

10. Programming

Forcing a write to a file without newline?

Hello, I am writing a program which runs with root privileges, and it creates a child with lowered privileges and has to redirect it's stdout and stderr to a file and then run bash. The problem is, whenever I read this file, I want to see all of the current output, even when the program is still... (10 Replies)
Discussion started by: madd-games
10 Replies

LEARN ABOUT SUNOS

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 08:05 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy