11-04-2004
Can you get in with the user account with telnet, rlogin, and/or ftp? Can you su - user as root?
Check that the user account is okay by looking at it in /etc/passwd - insure it has a valid shell.
ssh to the server as root, then ssh to the same server as user - there may be error messages that you aren't seeing due to the window closing.
Check /var/adm/messages for any errors.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
OK so i have a virtual server where i store files. one day i tied to login and i couldn't connect to my sevrer so i logged into my ssh and checked to see if the process was running. proftp was not. I then tried to start it manually and got the error below. Now the domain listed there is not mine... (2 Replies)
Discussion started by: thirddegreekris
2 Replies
2. UNIX for Advanced & Expert Users
Hi All,
a bit of a weird one here. I'm trying to pass a variable into an awk command, and I keep getting an error.
I have the line
nawk -F"," -v red=$random_variable '{print $red}' $w_dir/$file_name > $w_dir/${column_name}
that keeps failing with the error
nawk: can't open file {print... (17 Replies)
Discussion started by: Khoomfire
17 Replies
3. HP-UX
Hello all,
Normally I'm pretty comfortable with crontab, changing and updating (done it many-a-time).
But in the last two days I've been pulling my hair out over the following...
Details of OS:
HP-UX mdirect B.11.23 U ia64 2587410573 unlimited-user license
Issue:
Execute a script (very... (3 Replies)
Discussion started by: Cameron
3 Replies
4. Shell Programming and Scripting
I have a file called merge2.t:
Hi
Hello how are you.
</Endtag> <New> I am fine.</New>
This is a test.
freelong
how
Here is the SED:
sed -n ' /<\/Endtag>/ !{
H
}
/<\/Endtag>/ {
x
p
} (4 Replies)
Discussion started by: freelong
4 Replies
5. Shell Programming and Scripting
Hi,
Could any one help me to extract data from a report.
I would like to get the two lines which are just below the separations
I have a report like this
--------------------------------------------------------------------------
Pid Command Inuse Pin Pgsp Virtual... (2 Replies)
Discussion started by: ajilesh
2 Replies
6. UNIX for Advanced & Expert Users
Hi,
I am setting up SUID permissions on a binary.
It gets set for most of the users, however, 1 in 10 users is unable to set these.
For those who works:
> chmod 6555 Test
> ls -l Test
-r-sr-sr-x 1 A B 5524 Nov 15 14:53 Test
For those where it doesn't work:
> chmod 6555 Test... (14 Replies)
Discussion started by: vibhor_agarwali
14 Replies
7. Shell Programming and Scripting
Hello;
Am trying to correct the formatting of tail output over ssh.
Using the following code:
echo "" > $FILE
for BOX in $SERVERS
do
echo "Processing on $BOX" |tee -a $FILE
echo "===============================" >> $FILE
sudo ssh $BOX 'TERMINAL="vt100" /usr/bin/sh -s' <... (2 Replies)
Discussion started by: delphys
2 Replies
8. AIX
We recently upgraded 2 of our AIX 6.1 servers from TL4 to TL5.
Both servers are on the same p7 780 frame, installed at the same time from the same image. Both servers are mounting the same nfs share after reboot what worked perfectly fine until the upgrade.
Since the patching, one of the two... (5 Replies)
Discussion started by: zxmaus
5 Replies
9. Shell Programming and Scripting
I run this
#!/bin/bash
cron=$(ps aux | grep crond | grep -v grep | grep -o crond| uniq)
echo "cron :$cron:"
if ; then
echo "OK: crond service running fine on `hostname`"
exit 2
else
echo "CRITICAL: crond service not running on `hostname`"
exit 0... (2 Replies)
Discussion started by: anil510
2 Replies
10. Shell Programming and Scripting
Hi Guys,
I have used Perl scripting to convert XLSX file to TXT file using Perl module Spreadsheet::XLSX.
I processed one XLSX file having one column and 65k rows of data .
Strangely ,It is merging data for every 2047 row and I could see data in TXT file as Ex: Suppose in XLSX file ,if... (2 Replies)
Discussion started by: Rajk459
2 Replies
LEARN ABOUT PLAN9
krb5_auth_rules
krb5_auth_rules(5) Standards, Environments, and Macros krb5_auth_rules(5)
NAME
krb5_auth_rules - Overview of Kerberos V5 authorization
DESCRIPTION
When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who
he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
is permitted to access the Solaris user account that the client wants to access.
Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should
contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.
If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating
user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
the originating user is denied access.
For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then
access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user.
Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
be granted access to the account if and only if all of the following are true:
o The user part of the authenticated principal name is the same as the target account name specified by the client.
o The realm part of the client and server are the same.
o The target account name exists on the server.
For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if
jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
differ.
FILES
~/.k5login Per user-account authorization file.
/etc/passwd System account file. This information may also be in a directory service. See passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)
NOTES
To avoid security problems, the ~/.k5login file must be owned by the remote user.
SunOS 5.10 13 Apr 2004 krb5_auth_rules(5)