https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477073#M212775 We have implimented use of RSA security on our 11.11 system. To do so the RSA shell sdshell is loaded at login in the passwd file. Everything is fine until the users starts Robelle's suprtool and opens and Oracle database instance which then prompts for the RSA passcode again. Can anyone tell me how to reset the default shell after the sdshell has executed at login so we are not prompted again for the passcode when anther shell is spawned?<BR /> Wed, 02 Feb 2005 15:00:23 GMT Scott Edwards_6 2005-02-02T15:00:23Z https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477073#M212775 We have implimented use of RSA security on our 11.11 system. To do so the RSA shell sdshell is loaded at login in the passwd file. Everything is fine until the users starts Robelle's suprtool and opens and Oracle database instance which then prompts for the RSA passcode again. Can anyone tell me how to reset the default shell after the sdshell has executed at login so we are not prompted again for the passcode when anther shell is spawned?<BR /> Wed, 02 Feb 2005 15:00:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477073#M212775 Scott Edwards_6 2005-02-02T15:00:23Z https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477074#M212776 Oracle is not certified on that shell.<BR /><BR />Is certified for ksh korn shell or posix.<BR /><BR />The oracle user id needs a regular shell I think.<BR /><BR />SEP Wed, 02 Feb 2005 15:09:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477074#M212776 Steven E. Protter 2005-02-02T15:09:57Z https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477075#M212777 This seems to be true. My question then would be how to change the shell after logon. This has to be done so that the shell is changed in the /etc/passwd file after logon using "chsh $LOGNAME /usr/bin/sh" but then it needs to be returned to the RSA shell "/opt/ace/prog/sdshell" upon logout. It can not be left to the user to do this or they will bypass logging on through the RSA/ACE server the next time the login. Thanks for the help! Thu, 03 Feb 2005 10:36:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477075#M212777 Scott Edwards_6 2005-02-03T10:36:59Z https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477076#M212778 At the command prompt:<BR /><BR />/usr/bin/ksh<BR /><BR />That changes you to the Korn shell.<BR /><BR />Scripting, especially the oracle startup scripts needs to specify the shell.<BR /><BR />#!/sbin/sh<BR /><BR />Posix shell.<BR /><BR />SEP Thu, 03 Feb 2005 10:50:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477076#M212778 Steven E. Protter 2005-02-03T10:50:24Z https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477077#M212779 It would be possible to set oracle's shell to /bin/sh and still use SecurID auth for the initial login if you use a patched build of OpenSSH.<BR /><BR />There are patches avail for OpenSSH that add SecurID support. Here's a url w/ the patches for more info. If you need steps on how to compile, let me know. I'd be happy to share my experience w/ building and using OpenSSH with SecurID support.<BR /><BR /><A href="http://sweb.cz/v_t_m/" target="_blank">http://sweb.cz/v_t_m/</A><BR /><BR /><BR />-denver Thu, 03 Feb 2005 10:59:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/rsa-security-sdshell-problems/m-p/3477077#M212779 Denver Osborn 2005-02-03T10:59:02Z