Operating System - HP-UX
1839311 Members
2699 Online
110138 Solutions
New Discussion

Re: How to restrict access to SMH Accounts for users and groups menu

 
SOLVED
Go to solution
JanShu150
Frequent Advisor

How to restrict access to SMH Accounts for users and groups menu

Hi All,

I would like to give my desktop technicians access right to reset programmers' passwords using SMH (GUI) and the "Accounts for users and groups" menu. This is a 11.31 itanium server. These desktop technicians isn't in the "operators" group and shouldn't create/delete users accounts or access other system information's in SMH. How to set this up?

I tried smh -r and added a test user to the "Accounts for users and groups menu", but this test user isn't able to login SMH (GUI) unless it is in the operators' group which has access to LVM information.

I am searching if there is a "secured" script that my desktop tech can run from their windows XP laptops to reset programmers' HP-UX passwords?

Or maybe it is more efficient to setup PAM-Kerberos for these programmers, so they can use their windows passwords to login this hp-ux server?

Can you please share your thoughts on this? Thank you.

Kind Regards,
Jan Shu
3 REPLIES 3
Ismail Azad
Esteemed Contributor
Solution

Re: How to restrict access to SMH Accounts for users and groups menu

Hi Jan,

I would like to tell you that by default SMH access is allowed only to those users in the group root and this can be checked with the command nsquery. If it's just user administration rights that you want to give, why don't you configure RBAC?

Regards
Ismail Azad
Read, read and read... Then read again until you read "between the lines".....
JanShu150
Frequent Advisor

Re: How to restrict access to SMH Accounts for users and groups menu

Hi Ismail,
Thanks for the information on rbac. I am checking it now.

Do you think CIFS server and PAM-Kerberos could be an easier solution for password reset?

Thanks,
Jan
JanShu150
Frequent Advisor

Re: How to restrict access to SMH Accounts for users and groups menu

I am still researching for the solution.