- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Operating System - Tru64 Unix
- >
- Re: Cannot remote Xlogin after C2 enhanced securit...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2003 05:35 PM
тАО08-05-2003 05:35 PM
Cannot remote Xlogin after C2 enhanced security enabled
I have a Alpha box currrently running Tru64 4.0G. After I enabled the C2 security. I have done all the configuration in ttys, devassign and generated the ttys.db. But I cannot remote login using Xclient software (Exceed). No error message occurred. Can I have any suggestion to do the troubleshooting in this issue. Many thanks.
Yan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2003 10:25 PM
тАО08-05-2003 10:25 PM
Re: Cannot remote Xlogin after C2 enhanced security enabled
please change the files
/etc/auth/system/ttys,
/etc/auth/system/devassign
/etc/securettys
as follows:
In the following, replace host, host.sub.domain and n.n.n.n by the
hostname, full domain name and IP address of the host(s) you are trying to connect from.
Add lines like the following to /etc/auth/system/ttys :
host\:0:t_devname=host\:0:t_xdisplay:t_login_timeout#0:chkent:
Add lines like the following to /etc/auth/system/devassign :
host\:0:v_devs=host\:0,host.sub.domain\:0,n.n.n.n\:0:v_type=xdisplay
:chkent:
Add lines like the following to /etc/securettys :
host.sub.domain:0
host:0
Have Exceed worked without C2? If not why have you enabled it ;-)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2003 02:30 AM
тАО08-06-2003 02:30 AM
Re: Cannot remote Xlogin after C2 enhanced security enabled
Thanks for your clear instructions. I have done all the configuration as you taught me in the forum. But Exceed still doesn't work. However, I have another Alpha box that running Tru64 4.0D. Again, I enable the C2 security feature that as same as you taught me in the forum. Then the Exceed works.
I am wondering there is a difference between 4.0G C2 security and 4.0D c2 Security.
In Addition, I found there is a error message in /var/dt/Xerrors when I try connected the server (Tru64 4.0G)
Error Message is shown as below :-
XIO: fatal IO error 54 (Connection reset by peer) on X server "ncdxterm:1.0" after 37 requests (36 known processed) with 0 events remaining.
Many thanks .
yan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2003 02:58 AM
тАО08-06-2003 02:58 AM
Re: Cannot remote Xlogin after C2 enhanced security enabled
please check if there is a name resolution problem on alpha and pc side. Is there a possiblity to enable debugging on exceed side?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2003 06:38 AM
тАО08-06-2003 06:38 AM
Re: Cannot remote Xlogin after C2 enhanced security enabled
I have added the client IP in /etc/hosts and also added the server IP and hostname in client PC (Exceed). But it still doesn't work.
Is it possible to get more info (message log) from the Alpha server?
Is any ports blocked after the C2 security service is enabled?
Many thanks
Yan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2003 10:34 PM
тАО08-06-2003 10:34 PM
Re: Cannot remote Xlogin after C2 enhanced security enabled
ports are not blocked but the used devices must be "unlocked". This was done by the commands within my previous answer.
There is a log-file called Xerrors logging X11-problems and maybe within /var/adm/syslog.dated/current are more informations about security issues.
You wrote you have double checked the settings, are you sure you are using the correct hostname/ip translation, e.g. full qualified hostname/shortname?
Is it possible to login to the Alpha from another maschine without Exceed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-07-2003 03:10 AM
тАО08-07-2003 03:10 AM
Re: Cannot remote Xlogin after C2 enhanced security enabled
I have successfully login the Alpha server using telnet session. Only the Xclient cannot login after the C2 security is enabled. I have double checked the setting that is correct. There is not much infomation that in /var/adm/syslog.dated/current.
What do you mean full qualified hostname/shortname?
I have added my client PC (Xclient) in Alpha server /etc/hosts.
e.g.
ncdxterm 10.1.1.12
Am I right?
Yan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-07-2003 08:29 AM
тАО08-07-2003 08:29 AM
Re: Cannot remote Xlogin after C2 enhanced security enabled
Regarding getting more detailed errors about C2 login failures. If you touch a file in /var/adm/ named sialog you will see C2 login's - Time stamp, device used, user etc... and errors.
Example:
# touch /var/adm/sialog
Then just try a login again and check the file. This will show if the problem is C2 related - may not be.
The issue could be related to XDM protocol used for the session and authentication protocol XDM-AUTHENTICATION-1, or Fonts not being available under Exceed etc...
Under Exceed you should be able to enable error logging - I'd do that and see if you are not getting an error related to the X Login trying to display to the Exceed PC and failing. I say this because you are seeing the "XIO fatal IO Error" message in the Xerrors file. I think you are getting authenticated OK but failing to display the Login Box for some other reason.
Post any errors from Exceed when trying to launch a session.
Another approach to this type of problem is to start Exceed as a standalone Xserver and then push dtlogin display to it and see if it fails.
- Start Exceed without using XDM Login
- Start a telent session to the Tru64 Unix system
- In the telnet session set the DISPLAY variable to point back at the PC IP Address/Name and Xserver.
Ex:
sh & ksh
# DISPLAY=ncdxterm:1.0;export DISPLAY
Maybe also try...
# DISPLAY=ncdxterm:0;export DISPLAY
csh
# setenv DISPLAY ncdxterm:1.0
Or...
# setenv DISPLAY ncdxterm:0
- Now let's try to launch a Login Box running the dtlogin, assuming your using CDE and not XDM as the default GUI.
# /usr/dt/bin/dtlogin
Hope that helps.
Regards,
Dave Bechtold
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-07-2003 11:10 PM
тАО08-07-2003 11:10 PM
Re: Cannot remote Xlogin after C2 enhanced security enabled
10.1.1.12 ncdxterm.domainname.de ncdxterm
shortname = ncdxterm
longname = ncdxterm.domainname.de
If you type in "hostname" what is delivered back? long or shortname?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2003 02:49 AM
тАО08-08-2003 02:49 AM
Re: Cannot remote Xlogin after C2 enhanced security enabled
One other question are the PC and the Alpah box on the same subnet ? traditionally X does not broadcast out XDMCP requests to different subnets without configuration of the s/w involved in this case Exceed.
lastly what does nslookup 10.1.1.12 yield when run on the alpha server ? I'm wondering if you are going to a DNS server first rather than reading the local /etc/hosts file.