enable a user for direct login to hp-ux

kashyapi · ‎02-12-2010

One user(say xyz) is disabled to login into the system through ssh(putty) as its application user.Every user has to login to the system and then su - user.But now i want to enable that user to login directly to the box and i am not able to do that.I did not find any entry on sshd_config and /etc/securetty and also i checked /etc/default/security.

Johnson Punniyalingam · ‎02-12-2010

>>One user(say xyz) is disabled to login into the system through ssh(putty) as its application user.<<<<<<

how did you configur (that xyz) application user to not able to login via ssh directly ???

Problems are common to all, but attitude makes the difference

johnsonpk · ‎02-12-2010

Is user xyz is a valid unix user?

check in /etc/passwd , if not create a user on the server using useradd command or through SAM

Horia Chirculescu · ‎02-12-2010

Having an application user does not guarantee that he is also a system user.

You must be sure that this user have a valid account on your system.

Horia.

Best regards from Romania,
Horia.

kashyapi · ‎02-12-2010

Its a valid user.Apllication is run by that user.Its like orcle user.i can login to that box and run #su - xyz, then provide password of that user.Then i can start and stop application using that user.But now for specific application requirement we want to enable that account for direct login.

can you pls help me out , what may be configuration which i have to change.

Johnson Punniyalingam · ‎02-12-2010

>>>can you pls help me out , what may be configuration which i have to change.<<<

Its pritty odd to find out how you orangisation has "configured your "oracle id (i.e xyz) to disable direct login, because as far as i know, i have done only for disable direct "root" login in server via (ssh_config) file.

it depends there are many ways you can disable "direct direct login for "specfic user id"

1) by ssh_config file,

2) Set the password field in /etc/passwd to "*" to disable login access to the oracle account than use sudo ,

For example, to log in as oracle:

/bin/sudo -u oracle

3) write script place under /etc/profile or /etc/csh.login to quick check & that terminates the shell if the $(logname) matches a list of restricted users

Choices :- you need check

1) You need thorugh check under (ssh_confif) file
2) check /etc/passwd for "*" for user account (xyz)
3) check any script in place to restrict direct login for (xyz) user /etc/profile or /etc/csh.login

we all would be clueless , if you d'not know the history how (your applicatio user id (xyz) has been configured to disable direct login)

Quick fix :-

1) Install sudo and you achive it
2) try to login direct using (Console login of that particular user (xyz)

Hope this Helps,

Thanks,
Johnson Punniyalingam.

Problems are common to all, but attitude makes the difference

kashyapi · ‎02-14-2010

Hi John,

Thanks for your findings, which tends to solution..Following are my findings..

1.There is no entry for xyz user in ssh_config
2.no enry /etc/csh.login
2.i found one script in /etc/profile which terminates xyz login.I have removed those lines of scripts .Still i am not able able to login using xyz.

When i am trying to login , after putting password, i am getting "Access denied"
If it is blocked by /etc/profile , this "Accesss Denied " shoild not come.

This system is TRUSTED MODE.

Is there any checks by systems before /etc/profile?

Johnson Punniyalingam · ‎02-14-2010

>>When i am trying to login , after putting password, i am getting "Access denied"
If it is blocked by /etc/profile , this "Accesss Denied " shoild not come.<<<

did you tried login directory via console of the user id ???

can post the command outputs

# finger

#/usr/lbin/getprpw -k

#/usr/lbin/modprpw -k

Problems are common to all, but attitude makes the difference

kashyapi · ‎02-14-2010

Hi John,
I am not able to login thru console.following is the output which yu wanted
HOSTA:/>finger suadm
Login name: suadm
Directory: /home/suadm Shell: /usr/bin/sh
Last login Sun Feb 14 18:35 on console
New mail received Mon Feb 15 00:10:01 2010;
unread since Mon Feb 15 05:40:53 2010
No Plan.
HOSTA:/>/usr/lbin/getprpw suadm
uid=103, bootpw=NO, audid=56, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Mon Feb 15 04:55:52 2010, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1,
usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Mon Feb 15 05:40:53 2010, ulogint=Mon Feb 15 04:55:0
2 2010, sloginy=pts/1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000
HOSTA:/>/usr/lbin/modprpw -k suadm
HOSTA:/>

kashyapi · ‎02-15-2010

Thanks to you all for your support and time.
xyz user able to login directly.I made entry for xtz in the following file.
/etc/opt/ldapux/pam_authz.policy

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

enable a user for direct login to hp-ux

enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux

Re: enable a user for direct login to hp-ux