topic Re: Number logins allowed problem in Operating System - HP-UX

Number logins allowed problem

Peter Gillis — Fri, 16 Feb 2007 00:12:56 GMT

Hi,
hpux 11.11v1
I have /etc/default/security file setup with
NUMBER_OF_LOGINS_ALLOWED=6.
But this is allowing the users to only start up 4 sessions. Is anyone else experiencing the same? How sort it out? I would like to be able to say users can get 6 sessions up. I did try change the allowed number to 5 and then users could only get 3 sessions up.

any ideas??
thanks Maria

Re: Number logins allowed problem

Mridul Shrivastava — Fri, 16 Feb 2007 00:43:53 GMT

Which application do you use for sessions.. ie telnet, rlogin or CDE...

Since CDE does not limit the maximum number of logins based on the NUMBER_OF_LOGINS_ALLOWED variable in /etc/default/security prior to B.11.23_0409 release..

Re: Number logins allowed problem

Reshma Malusare — Fri, 16 Feb 2007 00:59:10 GMT

Hi Maria,
Check this parameter through SAM in auditing & security.check for general user policies.May be global setting is different.

Regards
Reshma

Re: Number logins allowed problem

Peter Gillis — Sun, 18 Feb 2007 17:41:49 GMT

Hi,
application is telnet.
This system is actually an untruusted system at the moment. So I am using /etc/default/security file to limit the sessions.
thanks
Maria

Re: Number logins allowed problem

Raj D. — Sun, 18 Feb 2007 18:33:35 GMT

Maria,

Remember this is applcable for non-root users,

Also check this link:
http://docs.hp.com/en/B2355-90696/security.4.html

Cheers,
Raj.

Re: Number logins allowed problem

Peter Gillis — Sun, 18 Feb 2007 19:04:50 GMT

Raj,
Thanks for reply. I understand this is for non-root users, and that is exactly what I want. NON-root users to be able to start up a max of 4 telnet sessions. At this moment I have the /etc/default/security file setup with NUMBER_OF_LOGINS_ALLOWED=6 . This is limiting the users to 4 telent sessions. But why is it that I now have to state the value as being 6. In the Past I had the value set as 4 and that was the number of telenet session sthe users could use. Now if I have 4 stated, the actual number of sessions the users can start up is 2!
thanks Maria

Re: Number logins allowed problem

Bill Hassell — Sun, 18 Feb 2007 20:26:10 GMT

Is this Xwindows or 'real' telnet sessions? When users are running an Xwindow emulator, it's a lot more complicated. The user is not running telnet but instead running CDE on their PC or other Xterminal display device. And starting a window is not a real telnet -- instead, they are asking the Desktop manager to start a program on the HP-UX box called dtterm or xterm, which in turn starts a session locally on the HP-UX box. The characters that you see on the screen were formed on the HP-UX box and the image is displayed on the Xwindow device. CDE/Xwindows complicates things considerably.

To verify 'normal' operation, use a PC to actually telnet to the system -- start a DOS window and telnet to your box. Then repeat with 3 additional sessions logged on as the same user. The 4th login attempt should be rejected if NUMBER_OF_LOGINS_ALLOWED=4.

I am not a fan of CDE at all, and use Xwindows *only* when there are graphics and drawings (but not CDE). A text window such as xterm or dtterm is a big consumer of bandwidth and PC power when a local telnet (or better yet, an ssh session for security) window is extremely low overhead.

I don't have a system to test CDE logins but I'm going to guess that login count is used to get the fancy desktop (CDE) started and then another one for each terminal window.

Re: Number logins allowed problem

Peter Gillis — Sun, 18 Feb 2007 21:19:05 GMT

HI Bill, thanks for info. This is definitely a straight Telnet session. No cde, no xwindows.
thanks
Maria

Re: Number logins allowed problem

Robert Fritz — Tue, 20 Feb 2007 15:00:33 GMT

That is pretty odd... I'll guess... maybe something is out of sync, and the system thinks you have two more logins than you do.

Does "who -T" show more sessions than 4?