HPE Community
Operating System - HP-UX
1833017 Members
2063 Online
110048 Solutions
New Discussion

Console login

 
muthamilan
Frequent Advisor

‎08-16-2003 02:23 AM

‎08-16-2003 02:23 AM

Console login

hi friends
Once again i need your help.i'm having hp-ux 11.In my HP-UX 11 console i can login as a root,but user id can't login on console.I think in hpux 10.20 remove /etc/securetty file then user can login on console.In hpux 11 what can i do?kindly guide me friends.

Thanks and Regards
S.Muthu
0 Kudos
Reply
11 REPLIES 11
Michael Tully
Honored Contributor

‎08-16-2003 02:39 AM

‎08-16-2003 02:39 AM

Re: Console login

HPUX 11 uses the same concept for logging in at the console for root. Yes remove /etc/securetty but you must be root in order to do so. Is a user account locked out?
If the system is trusted you can unlock an account by using

# /usr/lbin/modprpw -k
Anyone for a Mutiny ?
0 Kudos
Reply
Keith Bevan_1
Trusted Contributor

‎08-16-2003 02:49 AM

‎08-16-2003 02:49 AM

Re: Console login

Hi,

/etc/securetty still works on HPUX 11.

creating a zero length file called /etc/securetty will prevent the root account from being accessed directly from any terminal line (including the console).

However the users can still use the console for other logins and use su from their own account in the unlikely event that they know the root password.

Keith
You are either part of the solution or part of the problem
0 Kudos
Reply
muthamilan
Frequent Advisor

‎08-16-2003 02:54 AM

‎08-16-2003 02:54 AM

Re: Console login

Hi Michael

But i didn't see /etc/securetty file on my hpux11.but user can't able to login in console.
root user only able to login on console.

0 Kudos
Reply
Michael Tully
Honored Contributor

‎08-16-2003 04:15 AM

‎08-16-2003 04:15 AM

Re: Console login

what if any messages are being received by the user when they try to login? This might help us identify the problem. Is this account being used by an operator or the like??
Anyone for a Mutiny ?
0 Kudos
Reply
Keith Bevan_1
Trusted Contributor

‎08-16-2003 04:37 AM

‎08-16-2003 04:37 AM

Re: Console login

Hi,

One additional item to check is :-

Do you have the file /var/adm/inetd.sec

If so review its contents in relation to the advice and usage detailed on the man page inetd.sec.

Keith
You are either part of the solution or part of the problem
0 Kudos
Reply
muthamilan
Frequent Advisor

‎08-16-2003 06:05 AM

‎08-16-2003 06:05 AM

Re: Console login

hi friends
while user login on console then no error message.that time system once again goto authentication menu i.e., once again ask user name and password.if i give root user id and password then it will goes normally.
i didn't see /var/adm/ined.sec* files.
kindly guide me friends.

0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

‎08-17-2003 10:48 PM

‎08-17-2003 10:48 PM

Re: Console login

Is this a trusted system ????

If yes check to see if there is a line

console:t_devname=console:t_maxtries#777:chkent:

in /tcb/files/ttys


Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
muthamilan
Frequent Advisor

‎08-17-2003 11:04 PM

‎08-17-2003 11:04 PM

Re: Console login

Dear Rainer
No it's not trusted system.

Thanks and Regards
S.Muthu
0 Kudos
Reply
Massimo Bianchi
Honored Contributor

‎08-18-2003 12:38 AM

‎08-18-2003 12:38 AM

Re: Console login

Hi,
i suspect an hand-made security.

login from the console and check all the
/etc/profile
.profile
.login

to see if there is a check against the tty.

i thik of a user exit to prevent root from logging in..

Massimo

0 Kudos
Reply
yogesh_4
Regular Advisor

‎08-18-2003 12:51 AM

‎08-18-2003 12:51 AM

Re: Console login

Dear Muthu ,

/etc/securetty is not generated bydefault when system is getting installed. We have to create it manually. Also in your case just check whether /var/adm/inetd.sec file exists and any login is restricted in that. Also whether this is happening only from console or for telnet also other nonroot users can not login ?
0 Kudos
Reply
Kelli Ward
Trusted Contributor

‎08-18-2003 05:31 AM

‎08-18-2003 05:31 AM

Re: Console login

Hi,
One annoyingly simple thing that got me once for a little while, no world read permissions for the /etc/hosts file.
You might want to check, just to be sure.
Good luck,
Kel
The more I learn, the more I realize how much more I have to learn. Isn't it GREAT!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.