Operating System - HP-UX

validate username with ip

 
SOLVED
Darren Etheridge_2
Super Advisor

What is the best way to validate a user's username with the IP they are telnetting into a system with? We have users that use others' accounts to log into our systems.
Geoff Wild
Honored Contributor

Re: validate username with ip

Reset all user passwords - and tell them not to give them out to anybody!!!

You can NOT validate the person who is using userid: jsmith as the real jsmith - unless you are using sophisticated logins with say finger printing or retinal scans.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
RAC_1
Honored Contributor

Re: validate username with ip


who -u will give you the IP addresses from where users have logged in. (You may also want to use the getip command to check their IP address.)
(Or you may have a list with you already.)

Also you can prepare a user list from /etc/passwd or with the logins -u command.

Now you have the IP address and user name. Now put code in /etc/profile to check the username and check if it is coming from a particular IP. If it is, allow access; else do what you want: log them out, send a message, whatever.

Something like the following.

user_id=$(whoami)
# The second awk is required to take care of CDE, Exceed, Reflection logins.
ip_address=$(getip "$(who -um | awk '{print $NF}' | awk -F : '{print $1}')")
# /var/adm/file will have details about userids and their IP addresses, like follows:
# xxx 10.9.12.20
# Match the userid exactly in column 1 and print the IP recorded for it.
fix_ip=$(awk -v u="${user_id}" '$1 == u {print $2}' /var/adm/file)

# A user with no entry in /var/adm/file has an empty fix_ip and is rejected too.
if [[ "${ip_address}" != "${fix_ip}" ]]
then
    echo "Access not allowed"
    exit
fi

### Script not tested.

There is no substitute to HARDWORK
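An added example (not part of any post in this thread) of the lookup described in the reply above, written as a function that can be exercised without logging in. The function names, the sample entries, comment lines in the map file and several lines per user are assumptions made here.

```shell
#!/bin/sh
# Map file format, as in the post: "<userid> <ip>" per line.
# Assumed extensions: lines starting with '#' are comments, and a user
# may have several lines (one per permitted address).

# check_login_ip USER IP MAPFILE
# returns 0 = IP is listed for USER, 1 = USER is listed but not with this IP,
#         2 = USER has no entry, 3 = map file unreadable
check_login_ip() {
    cli_user=$1 cli_ip=$2 cli_map=$3
    [ -r "$cli_map" ] || return 3
    # Compare whole fields, so "jsmith" never matches the "jsmith2" line
    # the way a plain grep for the name would.
    awk -v u="$cli_user" -v ip="$cli_ip" '
        $1 ~ /^#/ || NF < 2 { next }
        $1 == u { seen = 1; if ($2 == ip) ok = 1 }
        END { if (ok) exit 0; if (seen) exit 1; exit 2 }
    ' "$cli_map"
}

# login_decision USER IP MAPFILE -> prints allow | deny | unlisted | error
login_decision() {
    ld_rc=0
    check_login_ip "$1" "$2" "$3" || ld_rc=$?
    case $ld_rc in
        0) echo allow ;;
        1) echo deny ;;
        2) echo unlisted ;;   # policy for unknown users is left to the caller
        *) echo error ;;
    esac
}

# Constructed sample data, not real accounts or addresses.
make_sample_map() {
    cat > "$1" <<'EOF'
# userid  ip
jsmith    10.9.12.20
jsmith    10.9.12.21
jsmith2   10.9.12.30
EOF
}

demo_map=$(mktemp)
make_sample_map "$demo_map"
echo "jsmith from 10.9.12.30: $(login_decision jsmith 10.9.12.30 "$demo_map")"
rm -f "$demo_map"
```

In /etc/profile the caller would pass the user and address that the snippet above derives from whoami, who -um and getip, and decide what to do with each result.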
Bill Hassell
Honored Contributor

Re: validate username with ip

Unless every PC or laptop has a fixed IP address (fairly uncommon), the IP address will change from time to time. However, it's fairly easy to control this errant behavior. Anytime a user is caught using the wrong login, you disable the account. Then when either user asks for help, you march both of them together into the IT Director's office and they are given a single warning never to do this again, or they will *BOTH* be fired.

Trying to work around behavioral problems like this means that users will still try to get around the system no matter what. It's a symptom of non-support for your security policies. Your systems are safe when everyone takes all the policies seriously.


Bill Hassell, sysadmin
Robert Salter
Respected Contributor
Solution

Re: validate username with ip

I agree with Geoff. What are your security procedures? If I log in as someone else and screw something up who's responsible, me or the person I logged in as? Or you.

Time to smoke and joke