HPE Community
Operating System - Tru64 Unix
1752546 Members
4613 Online
108788 Solutions
New Discussion юеВ

Re: Auto Lock

 
Chris_769
New Member

тАО03-22-2005 10:42 PM

тАО03-22-2005 10:42 PM

Auto Lock

Hi,

I was wondering if someone knew how to set a user to have his account be automatically be locked out? A client would like that once a account is unlocked, the server (Tru64, 5.1B) would automatically be locked again by a certain time.
Thanks in advance for your response.

Cheers,
Chris
0 Kudos
14 REPLIES 14
Radouan Bouzite
Advisor

тАО03-23-2005 02:01 AM

тАО03-23-2005 02:01 AM

Re: Auto Lock

use u_unlock field , see man prpasswd
0 Kudos
Johan Brusche
Honored Contributor

тАО03-23-2005 02:38 AM

тАО03-23-2005 02:38 AM

Re: Auto Lock


Off-course that is only working after you configure C2-security.....ie secsetup

___ Johan.

_JB_
0 Kudos
Chris_769
New Member

тАО03-23-2005 03:37 AM

тАО03-23-2005 03:37 AM

Re: Auto Lock

Hi Johan,

Thanks for the response, but I could not see what I was looking for there.

What I am trying to do is have a user account be unlocked at a certain time and be locked again at certain time in a day.

This way the administrator does not have to manually go in to the account manager and unlock the account and then again lock it before he leaves, for instance.

Did I miss it in the man page or it is another cmd I need? A script or crontab entry?

Cheers,
Chris
0 Kudos
Victor Semaska_3
Esteemed Contributor

тАО03-23-2005 04:32 AM

тАО03-23-2005 04:32 AM

Re: Auto Lock

As Johan mentioned, you need to have Enhanced Security enabled. You can check/enable it with:

/usr/sbin/sysman secconfig

If you have to enable it I believe a reboot will be required.

Then add two entries in root's crontab.

To unlock the account:
/usr/sbin/usermod -x administrative_lock_applied=0

To lock the account:
/usr/sbin/usermod -x administrative_lock_applied=1

That should do it.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Ann Majeske
Honored Contributor

тАО03-23-2005 08:48 AM

тАО03-23-2005 08:48 AM

Re: Auto Lock

If you have Enhanced Security (C2) enabled, you could try playing with the u_tod field directly (see "man prpasswd" and "man edauth") or you could set it with the usermod command (see "man usermod" and look for the text under -x "logon_hours"). This field "sets the days of the week and hours of the day during which the account holder can log in to the account", according to the usermod man page.

Ann
0 Kudos
Chris_769
New Member

тАО03-28-2005 06:20 PM

тАО03-28-2005 06:20 PM

Re: Auto Lock

Hi Ann,

That's great, thanks for the tip, will try it and hope it works. Thanks.

Cheers,
Chris
0 Kudos
Alexey Borchev
Regular Advisor

тАО03-29-2005 12:48 AM

тАО03-29-2005 12:48 AM

Re: Auto Lock

Cris,
1) You need C2 enabled indeed.
2) After that, You'll be able to setup working hours via Account manager.
It's little bit simpler&safier, than fiddling with config files directly.
The fire follows shedule...
0 Kudos
Chris_769
New Member

тАО03-31-2005 09:55 PM

тАО03-31-2005 09:55 PM

Re: Auto Lock

Hi All,

1st, thanks for your replys.
2nd, results: usermod did nto work. now the account is locked out all the time, cant get in, only get this:
Wrong time period to log into this account.

The crontab entry worked for locking the account, but not for unlocking it. Have Enhanced Security (C2), but dont have Accoutn manager, need to do this through cmds. Crontab had set for lock and then unlock 1:30 later same day specifics.

usermod had entered only one day for it to be locked, but now locked all days.

Any ideas?

Cheers,
Chris
0 Kudos
Victor Semaska_3
Esteemed Contributor

тАО04-01-2005 01:19 AM

тАО04-01-2005 01:19 AM

Re: Auto Lock

Chris,

I don't understand. I tried it on my test box and it worked fine. Could you list the crontab entries.

Also, that message 'Wrong time period to log into this account.' bothers me. I never seen that one before. Sounds like the 'Time of Day' field in the 'Login Restriction' security window was somehow set.

Why can't you run dxaccounts on the console?

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.