HPE Community
Operating System - Tru64 Unix
1827800 Members
2369 Online
109969 Solutions
New Discussion

Re: Auto Lock

 
Chris_769
New Member

‎03-22-2005 10:42 PM

‎03-22-2005 10:42 PM

Auto Lock

Hi,

I was wondering if someone knew how to set a user to have his account be automatically be locked out? A client would like that once a account is unlocked, the server (Tru64, 5.1B) would automatically be locked again by a certain time.
Thanks in advance for your response.

Cheers,
Chris
0 Kudos
14 REPLIES 14
Radouan Bouzite
Advisor

‎03-23-2005 02:01 AM

‎03-23-2005 02:01 AM

Re: Auto Lock

use u_unlock field , see man prpasswd
0 Kudos
Johan Brusche
Honored Contributor

‎03-23-2005 02:38 AM

‎03-23-2005 02:38 AM

Re: Auto Lock


Off-course that is only working after you configure C2-security.....ie secsetup

___ Johan.

_JB_
0 Kudos
Chris_769
New Member

‎03-23-2005 03:37 AM

‎03-23-2005 03:37 AM

Re: Auto Lock

Hi Johan,

Thanks for the response, but I could not see what I was looking for there.

What I am trying to do is have a user account be unlocked at a certain time and be locked again at certain time in a day.

This way the administrator does not have to manually go in to the account manager and unlock the account and then again lock it before he leaves, for instance.

Did I miss it in the man page or it is another cmd I need? A script or crontab entry?

Cheers,
Chris
0 Kudos
Victor Semaska_3
Esteemed Contributor

‎03-23-2005 04:32 AM

‎03-23-2005 04:32 AM

Re: Auto Lock

As Johan mentioned, you need to have Enhanced Security enabled. You can check/enable it with:

/usr/sbin/sysman secconfig

If you have to enable it I believe a reboot will be required.

Then add two entries in root's crontab.

To unlock the account:
/usr/sbin/usermod -x administrative_lock_applied=0

To lock the account:
/usr/sbin/usermod -x administrative_lock_applied=1

That should do it.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Ann Majeske
Honored Contributor

‎03-23-2005 08:48 AM

‎03-23-2005 08:48 AM

Re: Auto Lock

If you have Enhanced Security (C2) enabled, you could try playing with the u_tod field directly (see "man prpasswd" and "man edauth") or you could set it with the usermod command (see "man usermod" and look for the text under -x "logon_hours"). This field "sets the days of the week and hours of the day during which the account holder can log in to the account", according to the usermod man page.

Ann
0 Kudos
Chris_769
New Member

‎03-28-2005 06:20 PM

‎03-28-2005 06:20 PM

Re: Auto Lock

Hi Ann,

That's great, thanks for the tip, will try it and hope it works. Thanks.

Cheers,
Chris
0 Kudos
Alexey Borchev
Regular Advisor

‎03-29-2005 12:48 AM

‎03-29-2005 12:48 AM

Re: Auto Lock

Cris,
1) You need C2 enabled indeed.
2) After that, You'll be able to setup working hours via Account manager.
It's little bit simpler&safier, than fiddling with config files directly.
The fire follows shedule...
0 Kudos
Chris_769
New Member

‎03-31-2005 09:55 PM

‎03-31-2005 09:55 PM

Re: Auto Lock

Hi All,

1st, thanks for your replys.
2nd, results: usermod did nto work. now the account is locked out all the time, cant get in, only get this:
Wrong time period to log into this account.

The crontab entry worked for locking the account, but not for unlocking it. Have Enhanced Security (C2), but dont have Accoutn manager, need to do this through cmds. Crontab had set for lock and then unlock 1:30 later same day specifics.

usermod had entered only one day for it to be locked, but now locked all days.

Any ideas?

Cheers,
Chris
0 Kudos
Victor Semaska_3
Esteemed Contributor

‎04-01-2005 01:19 AM

‎04-01-2005 01:19 AM

Re: Auto Lock

Chris,

I don't understand. I tried it on my test box and it worked fine. Could you list the crontab entries.

Also, that message 'Wrong time period to log into this account.' bothers me. I never seen that one before. Sounds like the 'Time of Day' field in the 'Login Restriction' security window was somehow set.

Why can't you run dxaccounts on the console?

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Ann Majeske
Honored Contributor

‎04-04-2005 05:05 AM

‎04-04-2005 05:05 AM

Re: Auto Lock

Chris,

Can you post the results of "edauth -g " on the account that you did the usermod command?

Ann
0 Kudos
Chris_769
New Member

‎04-04-2005 05:16 AM

‎04-04-2005 05:16 AM

Re: Auto Lock

Hi,

I dont understand why the crontab did not work either:

It locked fine, but would not unlock. I have removed the two lines, but I know that they were correct.

The usermod worked. It was that I had entered Wk instead of listing each day.
Does anyone know how to remove it now if I want to? It is the u_tod= that needs to be removed in the db.
Any ideas how that fine can be edited?

Many cheers,
Chris
0 Kudos
Victor Semaska_3
Esteemed Contributor

‎04-04-2005 05:36 AM

‎04-04-2005 05:36 AM

Re: Auto Lock

Chris,

Try this:

usermod -x logon_hours=""

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Ann Majeske
Honored Contributor

‎04-05-2005 01:55 AM

‎04-05-2005 01:55 AM

Re: Auto Lock

usermod can be used to modify the account.

You can also use the edauth command to modify the fields directly. See "man edauth" for information on the edauth command. See "man prpasswd" for information on the fields.

Ann
0 Kudos
Ralf Puchner
Honored Contributor

‎04-06-2005 01:07 AM

‎04-06-2005 01:07 AM

Re: Auto Lock

Howto enable automatic logout of idle telnet sessions

Set environmental variables:

csh and tcsh
set autologout=60

where 60 represents the number of minutes if inactivity.

ksh and bash
TMOUT=3600 ; export TMOUT

where 3600 represents the number of seconds of inactivity.

C2 is not necessary here!
Help() { FirstReadManual(urgently); Go_to_it;; }
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.