- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Problem with accounts not being inactive
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2009 10:12 AM
тАО09-21-2009 10:12 AM
Re: Problem with accounts not being inactive
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2009 10:18 AM
тАО09-21-2009 10:18 AM
Re: Problem with accounts not being inactive
Like I said, the TCB DB (u_suclog in the account file) shows that the account was last logged in over 30 days ago, yet lastb shows 3 days ago and the system default inactivity is set to 30 days.
Now, when I reset the account and log in, the u_suclog field is updated... Yet for some unknown reason (the reason I started this thread), on occasion an account will get an old date put in this field and the symptom is that the account becomes locked due to "inactivity", even though it has been active.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-22-2009 12:27 AM
тАО09-22-2009 12:27 AM
Re: Problem with accounts not being inactive
>yet lastb shows 3 days ago and the system default inactivity is set to 30 days.
lastb(1) shows you when you did NOT login.
You need to use last(1).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-22-2009 04:45 AM
тАО09-22-2009 04:45 AM
Re: Problem with accounts not being inactive
I guess the real point here is, and the question remains, how is bad info getting put into the TCB? I've clearly shown that a user has been logged in within the last 30 days, yet their account is locked "due to inactivity" and the date in their TCB file shows their last successful login was over 30 days ago, which isn't accurate as they were just logged in withing the last couple of days. Where's the problem?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-22-2009 10:32 PM
тАО09-22-2009 10:32 PM
Re: Problem with accounts not being inactive
Ideally you would also find an entry using last(1) that would be a little more accurate. If you don't find any entries, that may explain things?
>which isn't accurate as they were just logged in within the last couple of days.
Does it show that in /var/adm/wtmps?
(Did you ever mention your OS version?)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-23-2009 04:51 AM
тАО09-23-2009 04:51 AM
Re: Problem with accounts not being inactive
First off, that may not be true either. What if I DID find entries in wtmp? What then? The info in the TCB is still wrong and the accounts are still getting locked because the corresponding entry in the TCB is outdated. And yes, wtmp is getting updated as users log in each day. On the other hand, if I don't find entries in wtmp, the info in the TCB is still wrong. As I've said, I've verified that users have logged in and their account still gets locked. What more do you want me to do?
Here's the thing. We have to clear wtmp every day for security purposes. That's why I was using lastb as a reference. And again, I've verified (physically, not via the system) that users WERE logged in in the last few days.
As I said, this has also happened to _MY_ normal user account and four days later it was locked. I checked the entry in the TCB for _MY_ account and it showed that my last successful login was over 30 days old, yet I just logged in to that very account just days prior. So it's not a case of the "users" not telling me accurate information (which I think is what was being implied and I agree that can happen, but that is clearly not the case here). As I've said several times, I've verified the accuracy (or lack thereof) of the information in the TCB. IT'S WRONG. As I have asked several times, why?
Yesterday I also verified that the entries (u_max_llogin for example) in /tcb/files/auth/system/default were also set correctly. They are. Yet the accounts are still getting locked after a few days (it appears to be 4). And it's because their u_suclog date is over 30 days old, yet they were logged in within just the last couple of days. So it seems very clear that this entry is getting updated with bad information. My question is, why? What would cause this?
This is on 11.11, BTW.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-23-2009 06:52 AM
тАО09-23-2009 06:52 AM
Re: Problem with accounts not being inactive
I just wanted to determine how systematic is the inaccurate reporting of login info. Is it only in the TCB or does it include wtmp?
>What more do you want me to do?
Have you reported the problem to the Response Center?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-23-2009 06:57 AM
тАО09-23-2009 06:57 AM
Re: Problem with accounts not being inactive
It appears that the u_suclog entries are not being updated at all. I reset my account on one of my systems Monday morning (Sep 21) because it was locked "due to inactivity" (which has a 30 day waiting period as mentioned before) and have logged in to the system every day since. Yet when I just checked the u_suclog entry on that system for my account, it shows a date of 1253539162, which is actually the time when I reset the account! So it does not appear this entry is being updated, at all. I checked another system that I log in to every day and it shows a date of August 14th. Even though I've logged into these systems every day of the week.
So I guess it's not time to call support to open a problem case...
I'll post what they tell me.
-Gonzo
- « Previous
-
- 1
- 2
- Next »