HPE Community
Operating System - HP-UX
1836869 Members
3141 Online
110110 Solutions
New Discussion

Re: u_llogin parameter in /tcb/files/auth/system/default

 
SOLVED
Go to solution
John Kittel
Trusted Contributor

‎05-25-2006 08:59 AM

‎05-25-2006 08:59 AM

u_llogin parameter in /tcb/files/auth/system/default

On only one of my several HP-UX 11.11 systems, the file /tcb/files/auth/system/default contains the parameter :u_llogin#0:

What is it?

I thought the file and parameters were documented in the man pages, - default(4), authcap(4), and particularly prpwd(4), - but unless I am just overlooking it, this parameter does not appear to be documented.


0 Kudos
Reply
8 REPLIES 8
Patrick Wallek
Honored Contributor

‎05-25-2006 09:06 AM

‎05-25-2006 09:06 AM

Re: u_llogin parameter in /tcb/files/auth/system/default

Have a look at 'man modprpw'. This explains almost everything, including the u_llogin parameter.
0 Kudos
Reply
John Kittel
Trusted Contributor

‎05-25-2006 10:03 AM

‎05-25-2006 10:03 AM

Re: u_llogin parameter in /tcb/files/auth/system/default

... all modprpw says about it is:

"llog=value database u_llogin.

Set the last login time interval (days). Used with u_succlog."

But what does that mean?

Also, prpwd man page says u_max_llogin ( notice that is not the same parameter name) is the maximum time allowed between logins. But in my system default security file u_llogin is = 0. So is it saying my system default maximum time between logins is 0? Then no one would ever be allowed to log in, would they?

0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎05-25-2006 10:35 AM

‎05-25-2006 10:35 AM

Re: u_llogin parameter in /tcb/files/auth/system/default

Almost certainly this should be u_max_llogin and since u_llogin is not a recognized tag, it is simply ignored and thus u_max_llogin is not set. Note that the default values only come into play if no corresponding entry is found in the user's tcb entry.

I gained my best understanding of all this and how it relates to the login process from the getprpwent man pages.
If it ain't broke, I can fix that.
0 Kudos
Reply
John Kittel
Trusted Contributor

‎05-25-2006 10:37 AM

‎05-25-2006 10:37 AM

Re: u_llogin parameter in /tcb/files/auth/system/default

Thank you. To get rid of the bogus "u_llogin" parameter, can I safely just edit the file with vi?
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎05-25-2006 01:05 PM

‎05-25-2006 01:05 PM

Re: u_llogin parameter in /tcb/files/auth/system/default

Yes.
If it ain't broke, I can fix that.
0 Kudos
Reply
rariasn
Honored Contributor

‎05-25-2006 10:46 PM

‎05-25-2006 10:46 PM

Re: u_llogin parameter in /tcb/files/auth/system/default

Hi John,

llog=value database u_llogin.

Set the last login time interval (days). Used with u_succlog.


http://docs.hp.com/en/B2355-60103/modprpw.1M.html

rgs,

ran

0 Kudos
Reply
Bob Ingersoll
Valued Contributor

‎05-26-2006 02:36 AM

‎05-26-2006 02:36 AM

Solution

Re: u_llogin parameter in /tcb/files/auth/system/default

The documentation incorrectly refers to u_llogin as u_max_llogin. u_llogin is the correct field name.

u_llogin - This value, in secconds, is the maximum time allowed between logins. If the time between the last login and the current time exceeds this value, the account is locked and the user can no longer logon.

In SAM u_llogin is "Maximum Inactive Time (days):"
Reply
John Kittel
Trusted Contributor

‎05-26-2006 05:36 AM

‎05-26-2006 05:36 AM

Re: u_llogin parameter in /tcb/files/auth/system/default

Yea Bob! That is the correct answer.

The documentation is wrong.

man prpwd calls it u_max_llogin, and gives an understandable description.

man modprpw calls it u_llogin, and says only "Set the last login time interval (days). Used with u_succlog".

If you use SAM to set system security policies, general user account policies, lock inactive account enabled, the field maximum inactive time appears and you can fill in a value. When you click ok, the parameter name u_llogin appears in the file /tcb/files/auth/system/default. If you have never before enabled this feature in SAM, the parameter name will not appear at all in the default file. If you have once enabled it, and then later disable it, the parameter name is not removed from the file, but the value is changed to 0 ( meaning feature is disabled).

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.