Operating System - HP-UX

Re: trusted system -id getting locked.

 
MSwift
Regular Advisor

trusted system -id getting locked.

One ID is getting locked out daily. Here is the entry from /tcb/files/auth/d

dmqmgr:u_name=dmqmgr:u_id#110:\
:u_pwd=FKQtgBwecL9.I:\
:u_auditid#61:\
:u_auditflag#1:\
:u_minchg#0:u_exp#0:u_life#0:u_succhg#1256228932:\
:u_llogin#0:u_pw_expire_warning#0:u_pswduser=dmqmgr:u_suclog#1256229060:\
:u_suctty=pts/tt:u_unsuclog#1256228639:u_lock@:chkent:

Is there anything wrong with this setup? Not sure why I have to reset it every morning! (The user says they are not locking themselves out, but getprpw does not say 00000000.) Please help.

Thanks

Mike.

DogBytes
Valued Contributor

Re: trusted system -id getting locked.

My first thought is to check your version of secure shell. Getting the latest version at
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA
may fix the issue.
Robert Salter
Respected Contributor

Re: trusted system -id getting locked.

What does the getprpw say?
Time to smoke and joke
MSwift
Regular Advisor

Re: trusted system -id getting locked.

# /usr/lbin/getprpw dmqmgr
uid=117, bootpw=NO, audid=61, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Oct 22 12:28:52 2009, upwchg=-1, acctexp=-1, llog=0, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Oct 22 13:18:24 2009, ulogint=Thu Oct 22 15:26:33 2009, sloginy=pts/tt, culogin=6, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000
Patrick Wallek
Honored Contributor

Re: trusted system -id getting locked.

>>lockout=0001000

That means too many login attempts with the incorrect password. So someone/something is trying to log in with the incorrect password too many times.

Try looking at 'lastb -R dmqmgr' and see what it returns. It will return the bad logins, with the IP/hostname of the system, for this user.

The meaning of each position of the lockout string (from the getprpw man page), from left to right is:

lockout - returns the reason for a lockout in a "bit" valued string, where 0 = condition not present, 1 is present. The position, left to right represents:

1 past password lifetime
2 past last login time (inactive account)
3 past absolute account lifetime
4 exceeded unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is a *
MSwift
Regular Advisor

Re: trusted system -id getting locked.

Yes, I understand that part!! But the problem is they are currently logged in and did not make an unsuccessful attempt. I have also pasted their /tcb/files/auth/d

dmqmgr:u_name=dmqmgr:u_id#110:\
:u_pwd=FKQtgBwecL9.I:\
:u_auditid#61:\
:u_auditflag#1:\
:u_minchg#0:u_exp#0:u_life#0:u_succhg#1256228932:\
:u_llogin#0:u_pw_expire_warning#0:u_pswduser=dmqmgr:u_suclog#1256229060:\
:u_suctty=pts/tt:u_unsuclog#1256228639:u_lock@:chkent:

Is there anything wrong with this?

Also, when I do lastb -R dmqmgr I get this:

Memory fault(coredump)

Thanks

Mike
Raj D.
Honored Contributor

Re: trusted system -id getting locked.

Mike,
By default the maximum login retry is 3 before it locks out. If you want to set it to 10, you can set umaxlntr to 10 or a similar value, so that it will not lock out frequently.


To Change the umaxlntr value,

# cd /usr/lbin/; ./modprpw -m umaxlntr=10 operuser #[ where operuser is the username ]
# ./getprpw operuser



Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Patrick Wallek
Honored Contributor

Re: trusted system -id getting locked.

>>did not make an unsuccessful attempt.

Something made too many unsuccessful attempts.

The set up looks good. There is nothing in the setup that would cause it to be disabled with a '1' in the 4th position.

I also just noticed this in your getprpw output:

ulogint=Thu Oct 22 15:26:33 2009

Someone tried, unsuccessfully, to log in to this account this afternoon at 15:26:33. So, someone, somewhere IS trying to login.
MSwift
Regular Advisor

Re: trusted system -id getting locked.

They are still logged in; that is why I am amazed at the counter. Something is wrong!!!

Mike
Patrick Wallek
Honored Contributor

Re: trusted system -id getting locked.

>>they are still logged in,

That is irrelevant!!!!

>>that is why i am amazed at the counter.
>>something is wrong!!!

No, NOTHING is wrong! As I said, someone somewhere IS TRYING to log in with this ID. That's why it keeps getting disabled.

As I said above, your getprpw output shows a 'ulogint' time of this afternoon. ulogint means "unsuccessful login time".

With regard to your "lastb" problem, have a look at this thread:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=5605

If you can get this fixed, then you should be able to tell who/where the bad login is coming from.
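
Added example, not part of any post in this thread: a POSIX shell script that decodes the lockout string using the positions quoted from the getprpw man page above, and pulls the failed-login fields (ulogint, culogin) out of the same output. The function names are made up for this example; the sample input is the getprpw output posted in the thread, line wraps included.

```shell
#!/bin/sh
# SAMPLE is the getprpw output as pasted in this thread, terminal wraps and all.
SAMPLE='uid=117, bootpw=NO, audid=61, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, sp
wchg=Thu Oct 22 12:28:52 2009, upwchg=-1, acctexp=-1, llog=0, expwarn=0, usrpick
=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT,
timeod=-1, slogint=Thu Oct 22 13:18:24 2009, ulogint=Thu Oct 22 15:26:33 2009, s
loginy=pts/tt, culogin=6, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000'

# Print the value of field $1 from getprpw output on stdin.
# Newlines are dropped first so a wrapped paste ("sp" / "wchg=") still parses.
get_field() {
    tr -d '\n' | tr ',' '\n' | sed -n "s/^ *$1=//p" | head -n 1
}

# Print one line per set position of the 7-character lockout string.
decode_lockout() {
    case $1 in
        [01][01][01][01][01][01][01]) ;;
        *) echo "invalid lockout string: $1" >&2; return 2 ;;
    esac
    pos=1
    while [ "$pos" -le 7 ]; do
        if [ "$(printf '%s' "$1" | cut -c "$pos")" = 1 ]; then
            case $pos in
                1) echo "past password lifetime" ;;
                2) echo "past last login time (inactive account)" ;;
                3) echo "past absolute account lifetime" ;;
                4) echo "exceeded unsuccessful login attempts" ;;
                5) echo "password required and a null password" ;;
                6) echo "admin lock" ;;
                7) echo "password is a *" ;;
            esac
        fi
        pos=$((pos + 1))
    done
}

# Summarise lock state and failed-login evidence from getprpw output on stdin.
lock_report() {
    out=$(cat)
    reasons=$(decode_lockout "$(printf '%s' "$out" | get_field lockout)") || return 2
    [ -n "$reasons" ] || { echo "not locked"; return 0; }
    printf '%s\n' "$reasons" | sed 's/^/lock reason: /'
    echo "culogin (consecutive failed logins): $(printf '%s' "$out" | get_field culogin)"
    echo "ulogint (last failed login): $(printf '%s' "$out" | get_field ulogint)"
}

printf '%s' "$SAMPLE" | lock_report
```

On a live system the input would come from `/usr/lbin/getprpw <user>` piped into `lock_report`; a ulogint later than slogint, as in the sample, points to failed attempts made after the user's own successful login.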