Operating System - HP-UX

Remote login user characteristics

 
Marco Santerre
Honored Contributor

Remote login user characteristics

Hi everyone,

I've been doing some searches and found a couple of threads similar to this one:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=469590

but unfortunately, I was looking more for something that equates to the "REMOTE LOGIN ALLOWED" characteristic on AIX.

Does anyone know if that is AIX-specific, or is there a file somewhere that could contain this security feature?

Thanks

Marco
Cooperation is doing with a smile what you have to do anyhow.
Sundar_7
Honored Contributor

Re: Remote login user characteristics

If you can explain to us what exactly your "REMOTE LOGIN ALLOWED" achieves in AIX, I am sure forum folks can come up with good suggestions :-)
Learn What to do ,How to do and more importantly When to do ?
Marco Santerre
Honored Contributor

Re: Remote login user characteristics

I apologize for not explaining..

The remote login characteristic in AIX basically stops someone from logging in using that User ID from anywhere remote (rsh, telnet, etc.) but doesn't stop it from local (e.g. console, and applications using that User ID).

As I mentioned, I followed a couple of threads that discussed forcing su for generic IDs, and it goes along that line, but in AIX they get that with a User characteristic. I was wondering if the same thing can be found on HP-UX.
Cooperation is doing with a smile what you have to do anyhow.
Sundar_7
Honored Contributor

Re: Remote login user characteristics

For root, you have /etc/securetty file that you can use to restrict the terminals from which root is allowed to login.

But for other normal users, there is no direct straight-forward way to achieve this.

You might have to do a little scripting.

You can try something like this:

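# vi /etc/profile
..
..
# Users listed in /etc/RES_USRS (space-separated fields) may log in
# only from the terminals named on their line; other users are unaffected.
TTY=`tty`
# Trailing space after the name so that "user1" does not also match "user10"
grep -q "^$LOGNAME " /etc/RES_USRS 2>/dev/null
if [ $? -eq 0 ]
then
    # Match the terminal as a whole field, not as a substring of another name
    grep "^$LOGNAME " /etc/RES_USRS | grep -E -q " $TTY( |\$)"
    if [ $? -ne 0 ]
    then
        echo "User $LOGNAME is not allowed to login from Terminal: $TTY"
        exit 1
    fi
fi

#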

# vi /etc/RES_USRS
user1 /dev/console /dev/term01 /dev/term02
user2 /dev/console
user3 /dev/term03
..
..
#

But note, if the user's login shell is CSH, /etc/profile won't be executed and thus the user can remote login to the system.
Learn What to do ,How to do and more importantly When to do ?
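
As an added example (not code from the thread), here is the same allow-list check written as a function that compares whole fields, so a user or terminal name that is only a prefix of a listed one does not count as a match, and a listed user whose session has no terminal is refused. The names `tty_allowed` and `decision` and the temporary sample file are assumptions; the list layout is the /etc/RES_USRS format shown above.

```shell
# Added example: hypothetical helper, not part of HP-UX or of the thread.
# tty_allowed USER TTY LISTFILE
#   returns 0 if the login may proceed, 1 if USER is listed but TTY is not
#   one of the terminals on USER's line. Unlisted users are not restricted,
#   which is the behaviour of the /etc/profile snippet above.
tty_allowed() {
    user=$1 term=$2 list=$3
    # No readable list means no restrictions are defined (as in the snippet)
    [ -r "$list" ] || return 0
    awk -v u="$user" -v t="$term" '
        $1 == u {                       # exact match on the user field
            listed = 1
            for (i = 2; i <= NF; i++)   # exact match on each terminal field
                if ($i == t) ok = 1
        }
        END { exit (listed && !ok) }    # 1 = deny, 0 = allow
    ' "$list"
}

# Constructed sample allow-list, same layout as /etc/RES_USRS in the thread
SAMPLE=${TMPDIR:-/tmp}/res_usrs.$$
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
user1 /dev/console /dev/term01 /dev/term02
user2 /dev/console
user3 /dev/term03
EOF

# Prints "allow" or "deny" for one login attempt against the sample list
decision() {
    if tty_allowed "$1" "$2" "$SAMPLE"; then echo allow; else echo deny; fi
}

echo "user1  on /dev/term01: `decision user1 /dev/term01`"
echo "user1  on /dev/term0:  `decision user1 /dev/term0`"   # prefix of a listed tty
echo "user10 on /dev/pts/4:  `decision user10 /dev/pts/4`"  # not listed at all
echo "user3  with no tty:    `decision user3 'not a tty'`"  # tty(1) output off a terminal

# Use in /etc/profile (path as in the thread):
#   tty_allowed "$LOGNAME" "`tty`" /etc/RES_USRS || exit 1
```
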