System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

enable a user for direct login to hp-ux

kashyapi
Frequent Advisor

enable a user for direct login to hp-ux

One user(say xyz) is disabled to login into the system through ssh(putty) as its application user.Every user has to login to the system and then su - user.But now i want to enable that user to login directly to the box and i am not able to do that.I did not find any entry on sshd_config and /etc/securetty and also i checked /etc/default/security.
9 REPLIES
Johnson Punniyalingam
Honored Contributor

Re: enable a user for direct login to hp-ux

>>One user(say xyz) is disabled to login into the system through ssh(putty) as its application user.<<<<<<

how did you configur (that xyz) application user to not able to login via ssh directly ???
Problems are common to all, but attitude makes the difference
johnsonpk
Honored Contributor

Re: enable a user for direct login to hp-ux

Is user xyz is a valid unix user?

check in /etc/passwd , if not create a user on the server using useradd command or through SAM
Horia Chirculescu
Honored Contributor

Re: enable a user for direct login to hp-ux

Having an application user does not guarantee that he is also a system user.

You must be sure that this user have a valid account on your system.

Horia.
Best regards from Romania,
Horia.
kashyapi
Frequent Advisor

Re: enable a user for direct login to hp-ux

Its a valid user.Apllication is run by that user.Its like orcle user.i can login to that box and run #su - xyz, then provide password of that user.Then i can start and stop application using that user.But now for specific application requirement we want to enable that account for direct login.

can you pls help me out , what may be configuration which i have to change.
Johnson Punniyalingam
Honored Contributor

Re: enable a user for direct login to hp-ux

>>>can you pls help me out , what may be configuration which i have to change.<<<

Its pritty odd to find out how you orangisation has "configured your "oracle id (i.e xyz) to disable direct login, because as far as i know, i have done only for disable direct "root" login in server via (ssh_config) file.

it depends there are many ways you can disable "direct direct login for "specfic user id"

1) by ssh_config file,

2) Set the password field in /etc/passwd to "*" to disable login access to the oracle account than use sudo ,

For example, to log in as oracle:

/bin/sudo -u oracle

3) write script place under /etc/profile or /etc/csh.login to quick check & that terminates the shell if the $(logname) matches a list of restricted users


Choices :- you need check

1) You need thorugh check under (ssh_confif) file
2) check /etc/passwd for "*" for user account (xyz)
3) check any script in place to restrict direct login for (xyz) user /etc/profile or /etc/csh.login

we all would be clueless , if you d'not know the history how (your applicatio user id (xyz) has been configured to disable direct login)

Quick fix :-

1) Install sudo and you achive it
2) try to login direct using (Console login of that particular user (xyz)

Hope this Helps,

Thanks,
Johnson Punniyalingam.
Problems are common to all, but attitude makes the difference
kashyapi
Frequent Advisor

Re: enable a user for direct login to hp-ux

Hi John,

Thanks for your findings, which tends to solution..Following are my findings..

1.There is no entry for xyz user in ssh_config
2.no enry /etc/csh.login
2.i found one script in /etc/profile which terminates xyz login.I have removed those lines of scripts .Still i am not able able to login using xyz.

When i am trying to login , after putting password, i am getting "Access denied"
If it is blocked by /etc/profile , this "Accesss Denied " shoild not come.

This system is TRUSTED MODE.

Is there any checks by systems before /etc/profile?

Johnson Punniyalingam
Honored Contributor

Re: enable a user for direct login to hp-ux

>>When i am trying to login , after putting password, i am getting "Access denied"
If it is blocked by /etc/profile , this "Accesss Denied " shoild not come.<<<


did you tried login directory via console of the user id ???

can post the command outputs

# finger

#/usr/lbin/getprpw -k

#/usr/lbin/modprpw -k
Problems are common to all, but attitude makes the difference
kashyapi
Frequent Advisor

Re: enable a user for direct login to hp-ux

Hi John,
I am not able to login thru console.following is the output which yu wanted
HOSTA:/>finger suadm
Login name: suadm
Directory: /home/suadm Shell: /usr/bin/sh
Last login Sun Feb 14 18:35 on console
New mail received Mon Feb 15 00:10:01 2010;
unread since Mon Feb 15 05:40:53 2010
No Plan.
HOSTA:/>/usr/lbin/getprpw suadm
uid=103, bootpw=NO, audid=56, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Mon Feb 15 04:55:52 2010, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1,
usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Mon Feb 15 05:40:53 2010, ulogint=Mon Feb 15 04:55:0
2 2010, sloginy=pts/1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000
HOSTA:/>/usr/lbin/modprpw -k suadm
HOSTA:/>
kashyapi
Frequent Advisor

Re: enable a user for direct login to hp-ux

Thanks to you all for your support and time.
xyz user able to login directly.I made entry for xtz in the following file.
/etc/opt/ldapux/pam_authz.policy