HPE Community
Operating System - HP-UX
1833738 Members
2486 Online
110063 Solutions
New Discussion

Can not log in except on console

 
SOLVED
Go to solution
Stojcevski Dejan
Regular Advisor

‎02-21-2006 10:38 PM

‎02-21-2006 10:38 PM

Can not log in except on console

When I try to log in to the system via telnet I get the response:
'Direct login access for this user
is only allowed on the system console'.
Only root can log in via telnet. Every other user can log in to the system only trough console.OS: HP-UX 11i.
Any ideas?
Carpe Diem
0 Kudos
22 REPLIES 22
Senthil Kumar .A_1
Honored Contributor

‎02-21-2006 10:43 PM

‎02-21-2006 10:43 PM

Re: Can not log in except on console

Hi Dejan,

Can you check your /var/adm/inetd.sec file. could be there is some restriction on telnet service usage.

Regards,
Senthil
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Kent Ostby
Honored Contributor

‎02-21-2006 10:44 PM

‎02-21-2006 10:44 PM

Re: Can not log in except on console

check your set up in /etc/securetty although it should not have this type of behavior for non-root users.

check /etc/profile to see if anyone has set up a script.

Also compare telnetd on this box to telnetd on other boxes to see if someone has made a change there.

"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
0 Kudos
Stojcevski Dejan
Regular Advisor

‎02-21-2006 10:47 PM

‎02-21-2006 10:47 PM

Re: Can not log in except on console

/var/adm/inetd.sec is clean file with no entries except for service dtspc.
Also there is no file /etc/securetty in the file system.
Carpe Diem
0 Kudos
Arunvijai_4
Honored Contributor

‎02-21-2006 10:49 PM

‎02-21-2006 10:49 PM

Re: Can not log in except on console

Hello,

Check your /etc/securetty file.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Senthil Kumar .A_1
Honored Contributor

‎02-21-2006 10:51 PM

‎02-21-2006 10:51 PM

Re: Can not log in except on console

Hi Dejan,

Is there any entries made by telnetd daemon, in /var/adm/syslog/syslog.log file.

If so , it could give some clues.

Regards,
Senthil
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Stojcevski Dejan
Regular Advisor

‎02-21-2006 10:54 PM

‎02-21-2006 10:54 PM

Re: Can not log in except on console

No entries what so ever in syslog !
Carpe Diem
0 Kudos
Peter Godron
Honored Contributor

‎02-21-2006 11:01 PM

‎02-21-2006 11:01 PM

Re: Can not log in except on console

Hi,
when do you get this message? After supplying username/password ?

May be a silly suggestion, but have you checked your /etc/profile for some coding to this effect. We terminate all sessions for root this way. So root can only log on from console or via su.
0 Kudos
Muthukumar_5
Honored Contributor

‎02-21-2006 11:10 PM

‎02-21-2006 11:10 PM

Re: Can not log in except on console

What is there /etc/profile file? May be some script to break normal user login.

Are you using any tcp wrappers or any configuration in /etc/pam_user.conf.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Muthukumar_5
Honored Contributor

‎02-21-2006 11:13 PM

‎02-21-2006 11:13 PM

Re: Can not log in except on console

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=16369

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Senthil Kumar .A_1
Honored Contributor

‎02-21-2006 11:15 PM

‎02-21-2006 11:15 PM

Re: Can not log in except on console

Hi Dejan,

The pattern u have mentioned is very close to a behaviour found due to the existense of the file called /etc/login.access in BSD version of unix, not too sure, it would be in HPUX.

Still no harm in checking. Please check whether there is a file namely,

/etc/login.access

Regards,
Senthil
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Stojcevski Dejan
Regular Advisor

‎02-21-2006 11:17 PM

‎02-21-2006 11:17 PM

Re: Can not log in except on console

/etc/pam_usr.conf is clean file with no entries.
As for the .profile file - it is clean - it is a default file which i do have on other machines and they are working fine.
Carpe Diem
0 Kudos
Stojcevski Dejan
Regular Advisor

‎02-21-2006 11:20 PM

‎02-21-2006 11:20 PM

Re: Can not log in except on console

No file /etc/login.access on my system.
Carpe Diem
0 Kudos
Robert-Jan Goossens_1
Honored Contributor

‎02-21-2006 11:21 PM

‎02-21-2006 11:21 PM

Re: Can not log in except on console

Hi,

Check if the option nologin is set in the /etc/default/security

NOLOGIN=1

and check if there is a message in the /etc/nologin.

Robert-Jan
0 Kudos
Senthil Kumar .A_1
Honored Contributor

‎02-21-2006 11:23 PM

‎02-21-2006 11:23 PM

Re: Can not log in except on console

Hi Dejan,

2 more tests,

1) after login into a telnet session as root, are u able to switch to a normal user,

ex : su - user1

2) are you able to rlogin to the unix box as a normal user

Sorry for multiple replies.. just helping.. ;)

regards,
senthil
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Peter Godron
Honored Contributor

‎02-21-2006 11:25 PM

‎02-21-2006 11:25 PM

Re: Can not log in except on console

Hi,
it the /etc/profile which gets executed before .profile in user directory.
Please check the /etc/profile file.

Try putting a debug statement like
echo "hello"
sleep 10
into the file. This would show what the daemons are accepting the connection.
0 Kudos
Muthukumar_5
Honored Contributor

‎02-21-2006 11:27 PM

‎02-21-2006 11:27 PM

Re: Can not log in except on console

Check these:

1) /etc/nologin file + /etc/defaults/security for NOLOGIN
2) /etc/profile


--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Stojcevski Dejan
Regular Advisor

‎02-21-2006 11:37 PM

‎02-21-2006 11:37 PM

Re: Can not log in except on console

Hello to all,
I have found the message displayed during the login in the /etc/preprofile file! Can anyone tell me what this file is for?
There is no /etc/default/security file nor /etc/nologin file in my filesystem.
Carpe Diem
0 Kudos
Peter Godron
Honored Contributor

‎02-21-2006 11:48 PM

‎02-21-2006 11:48 PM

Solution

Re: Can not log in except on console

Hi,
as I suspected!
The /etc/profile file is a system-wide file to set up basic setup on login. Normally stuff like PATH, TIMEZONE, TERMINAL are sourced here. Also the login banner.
After this , depending on the shell, the users own .profile,.login etc. files are called in the users login directory.
0 Kudos
Arunvijai_4
Honored Contributor

‎02-21-2006 11:48 PM

‎02-21-2006 11:48 PM

Re: Can not log in except on console

Hello,

I have found the message displayed during the login in the /etc/preprofile file! Can anyone tell me what this file is for?
There is no /etc/default/security file nor /etc/nologin file in my filesystem.


/etc/preprofile or /etc/profile ??

Can you paste the malicious contents ?

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Arunvijai_4
Honored Contributor

‎02-21-2006 11:53 PM

‎02-21-2006 11:53 PM

Re: Can not log in except on console

Hello,

After the login program authentictes from /etc/password or /etc/shadow, it executes /etc/profile which is the default system wide setting and it goes on to individual user's profile.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Stojcevski Dejan
Regular Advisor

‎02-21-2006 11:57 PM

‎02-21-2006 11:57 PM

Re: Can not log in except on console

First statement in /etc/profile is to source the /etc/prepeorfile file. Aftr that it goes in the user's home dir's and executes the .*** files. Now I have found the code on the /etc/preprofile file that is causing me the problems!
This is just for info. Consider this thread as closed.
Thanks to all.
Dejan.
Carpe Diem
0 Kudos
Stojcevski Dejan
Regular Advisor

‎02-21-2006 11:59 PM

‎02-21-2006 11:59 PM

Re: Can not log in except on console

Closing.
Thanks again.
Carpe Diem
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.