
How do I bypass NUMBER_OF_LOGINS_ALLOWED on a per user basis?

 
DeadPoet
Occasional Contributor


Forum,

I am in need of bypassing the /etc/default/security NUMBER_OF_LOGINS_ALLOWED parameter on a per user basis. The server platforms in play are HP-UX B.11.11, B.11.23, and B.11.31. The servers are in Trusted mode. It appears that the /etc/pam_user.conf file should be able to accomplish this. However, I do not seem to be able to get the syntax correct.

Here is what I have tried:
###############################################
/etc/pam_user.conf

USER_A auth libpam_hpsec.so.1 bypass_limit_login
USER_A account libpam_hpsec.so.1 bypass_limit_login
USER_A session libpam_hpsec.so.1 bypass_limit_login
USER_A password libpam_hpsec.so.1 bypass_limit_login

###############################################

But, this has not worked for me. I know that I can do it globally in the /etc/pam.conf, but I need it on a per user basis.

Thanks in advance for any and all help.
Steven E. Protter
Exalted Contributor

Re: How do I bypass NUMBER_OF_LOGINS_ALLOWED on a per user basis?

Shalom,

You might be able to put some code in /etc/profile or .profile to check all users and reject those not on the list if sessions exceed guidelines.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
DeadPoet
Occasional Contributor

Re: How do I bypass NUMBER_OF_LOGINS_ALLOWED on a per user basis?

With our security policy, we must keep the NUMBER_OF_LOGINS_ALLOWED defined in /etc/default/security. This parameter is global, so I do not think the profile or .profile would work, as I wish to bypass the value on a per user basis. I can bypass the setting globally in /etc/pam.conf by setting:

sshd session required libpam_hpsec.so.1 bypass_limit_login

However, that would be the same as removing the entry from /etc/default/security.

Don Mallory
Trusted Contributor

Re: How do I bypass NUMBER_OF_LOGINS_ALLOWED on a per user basis?

You may want to check that libpam_updbe has been configured in your pam.conf; otherwise, pam_user.conf is ignored.

Example:

login auth required libpam_hpsec.so.1
login auth required libpam_updbe.so.1
login auth sufficient libpam_krb5.so.1
login auth required libpam_unix.so.1 try_first_pass

login account required libpam_hpsec.so.1
login account required libpam_updbe.so.1
login account required libpam_authz.so.1
login account sufficient libpam_krb5.so.1
login account required libpam_unix.so.1

login session required libpam_hpsec.so.1
login session required libpam_updbe.so.1
login session sufficient libpam_krb5.so.1
login session required libpam_unix.so.1

login password required libpam_hpsec.so.1
login password required libpam_updbe.so.1
login password sufficient libpam_krb5.so.1
login password required libpam_unix.so.1
Bhadresh
Trusted Contributor

Re: How do I bypass NUMBER_OF_LOGINS_ALLOWED on a per user basis?

Hi,

If you require different authentication methods for different users, place the special entry libpam_updbe ahead of the authentication modules in /etc/pam.conf.

For more information, have a look at the following:
http://docs.hp.com/en/B2355-90950/ch08s17.html

Regards,
Bhadresh
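
As an added example (not from any poster in this thread and not HP tooling), the shell function below cross-checks per-user entries against one service's stack in pam.conf. It reports whether libpam_updbe is configured for that service and module type, and whether it comes ahead of the module the per-user entry names, the two conditions raised in the replies. The function name, status labels and sample files are constructed, and the field layouts are assumed from the lines quoted in the thread.

```shell
#!/bin/sh
# Added example. Field layouts assumed from the lines quoted in the thread:
#   pam.conf:      service  module_type  control_flag  module_path  [options]
#   pam_user.conf: login    module_type  module_path   [options]
check_pam_user() {    # usage: check_pam_user SERVICE PAM_CONF PAM_USER_CONF
    awk -v svc="$1" '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    FILENAME == ARGV[1] {                     # pass 1: the service stacks in pam.conf
        if ($1 != svc || NF < 4) next
        mod = $4; sub(/.*\//, "", mod)        # compare on the library file name
        n[$2]++                               # position within this module_type stack
        if (!(($2, mod) in pos)) pos[$2, mod] = n[$2]
        next
    }
    NF >= 3 {                                 # pass 2: per-user entries
        mod = $3; sub(/.*\//, "", mod)
        if (!(($2, "libpam_updbe.so.1") in pos)) st = "NO_UPDBE"
        else if (!(($2, mod) in pos)) st = "MODULE_NOT_IN_STACK"
        else if (pos[$2, "libpam_updbe.so.1"] > pos[$2, mod]) st = "UPDBE_AFTER_MODULE"
        else st = "OK"
        print $1, $2, mod, st
    }' "$2" "$3"
}

demo() {    # constructed sample files: two orderings of a login session stack
    d=${TMPDIR:-/tmp}/pamchk.$$
    mkdir -m 700 "$d" || return 1
    cat > "$d/pam_user.conf" <<'EOF'
USER_A session libpam_hpsec.so.1 bypass_limit_login
EOF
    cat > "$d/pam.conf.a" <<'EOF'
login session required libpam_hpsec.so.1
login session required libpam_updbe.so.1
login session required libpam_unix.so.1
EOF
    cat > "$d/pam.conf.b" <<'EOF'
login session required libpam_updbe.so.1
login session required libpam_hpsec.so.1
login session required libpam_unix.so.1
EOF
    check_pam_user login "$d/pam.conf.a" "$d/pam_user.conf"   # updbe after hpsec
    check_pam_user login "$d/pam.conf.b" "$d/pam_user.conf"   # updbe ahead of hpsec
    check_pam_user sshd  "$d/pam.conf.b" "$d/pam_user.conf"   # no sshd stack at all
    rm -rf "$d"
}

demo
```

Run it once per service that users log in through (for example login and sshd), since each service has its own stack in pam.conf.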