Posts Tagged security
Change user settings and password attributes in AIX
Posted by Lincoln Zuljewic Silva in Aix on May 11, 2010
To change user and password settings in AIX, use the "chuser" command. Some of the available attributes are:
- loginretries -> number of failed login attempts before the account is locked.
- maxage -> maximum age of a password (in weeks)
- gecos -> general information about the user.
- groups
- home
- minlen -> minimum password length
- pgrp -> primary group
Example:
# chuser loginretries='0' maxage='0' gecos='User Foo Bar' groups='group1,group2,group3' home='/home/foobar' minlen='7' pgrp='groupX' <username>
Unlock user account in AIX
Posted by Lincoln Zuljewic Silva in Aix on May 11, 2010
To unlock a user account in AIX, you should use the following command:
# chuser account_locked='false' <username>
Lock user account in AIX
Posted by Lincoln Zuljewic Silva in Aix on May 11, 2010
To lock a user account in AIX, you should use the following command:
# chuser account_locked='true' <username>
Forcing a user to change the password on AIX
Posted by Lincoln Zuljewic Silva in Aix on November 30, 2009
On AIX, you can use the following command to unlock a user and force them to change their password at first logon:
# pwdadm -f ADMCHG USER
Lock a user account in HP-UX
Posted by Lincoln Zuljewic Silva in HP-UX on September 24, 2009
To lock a user account in HP-UX, you can use the following command:
# /usr/lbin/modprpw -m alock=YES USER
rlogin access denied
Posted by Lincoln Zuljewic Silva in Linux on June 15, 2009
In some specific situations you need to use rlogin to access a server remotely, but you may face the following error:
clientServer:~ # rlogin rloginServer
Password:
Password:
Login incorrect
login: root
Password:
Login incorrect
login: root
Password:
Login incorrect
login: root
Password:
Login incorrect
rlogin: connection closed.
If you check the /var/log/secure log on the “rloginServer”, you will find the following messages:
Jun 15 10:44:41 rloginServer rlogind[16640]: pam_securetty(rlogin:auth): access denied: tty 'rlogin' is not secure !
Jun 15 10:44:41 rloginServer rlogind[16640]: pam_rhosts_auth(rlogin:auth): denied to root@10.11.4.9 as root: access not allowed
Jun 15 10:44:47 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Jun 15 10:44:51 rloginServer login: FAILED LOGIN 1 FROM 10.11.4.9 FOR root, Authentication failure
Jun 15 10:44:53 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Jun 15 10:44:58 rloginServer login: FAILED LOGIN 2 FROM 10.11.4.9 FOR root, Authentication failure
Jun 15 10:44:58 rloginServer login: pam_unix(remote:auth): bad username []
Jun 15 10:44:58 rloginServer login: pam_succeed_if(remote:auth): error retrieving information about user
Jun 15 10:44:58 rloginServer login: FAILED LOGIN 3 FROM 10.11.4.9 FOR , User not known to the underlying authentication module
Jun 15 10:44:59 rloginServer login: pam_unix(remote:auth): bad username []
Jun 15 10:44:59 rloginServer login: pam_succeed_if(remote:auth): error retrieving information about user
Jun 15 10:44:59 rloginServer login: FAILED LOGIN SESSION FROM 10.11.4.9 FOR , User not known to the underlying authentication module
The problem here is that “rlogin” is not listed as a “secure” terminal, so pam_securetty refuses the root login. To allow it, add “rlogin” (without the quotes) to /etc/securetty.
After that, you will be able to access the rlogin server.
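The log excerpt above can be summarised mechanically to see which terminals pam_securetty refused and which sources produced failed logins before anything is added to /etc/securetty. This is an added example, not part of the original post; the function names are hypothetical and the sample lines are copied from the excerpt above.

```shell
#!/bin/sh
# Sample input: lines copied from the /var/log/secure excerpt in this post.
sample_log() {
cat <<'EOF'
Jun 15 10:44:41 rloginServer rlogind[16640]: pam_securetty(rlogin:auth): access denied: tty 'rlogin' is not secure !
Jun 15 10:44:41 rloginServer rlogind[16640]: pam_rhosts_auth(rlogin:auth): denied to root@10.11.4.9 as root: access not allowed
Jun 15 10:44:47 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Jun 15 10:44:51 rloginServer login: FAILED LOGIN 1 FROM 10.11.4.9 FOR root, Authentication failure
Jun 15 10:44:53 rloginServer login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Jun 15 10:44:58 rloginServer login: FAILED LOGIN 2 FROM 10.11.4.9 FOR root, Authentication failure
Jun 15 10:44:58 rloginServer login: FAILED LOGIN 3 FROM 10.11.4.9 FOR , User not known to the underlying authentication module
EOF
}

# Print "count service tty" for every terminal pam_securetty refused.
# Reads the files given as arguments, or stdin when there are none.
securetty_denials() {
    awk -v q="'" '
    /pam_securetty\(/ && /is not secure/ {
        svc = $0; sub(/.*pam_securetty\(/, "", svc); sub(/:.*/, "", svc)
        tty = $0; sub(".*tty " q, "", tty); sub(q ".*", "", tty)
        n[svc " " tty]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort
}

# Print "count source user" for numbered FAILED LOGIN records.
# Records with an empty user name (as in attempt 3 above) are skipped.
failed_logins() {
    awk '
    /FAILED LOGIN [0-9]+ FROM/ {
        for (i = 1; i <= NF; i++)
            if ($i == "FROM") { src = $(i + 1); usr = $(i + 3) }
        sub(/,$/, "", usr)
        if (usr != "") n[src " " usr]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort
}

# Succeed if terminal $1 is listed in the securetty file $2
# (default /etc/securetty); match the whole line as a fixed string.
tty_allowed() {
    grep -qxF -- "$1" "${2:-/etc/securetty}"
}

sample_log | securetty_denials
sample_log | failed_logins
```

On a live system, pass the log file directly, for example `securetty_denials /var/log/secure`, and check each reported terminal with `tty_allowed`.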
Forcing a user to change the password on Solaris
Posted by Lincoln Zuljewic Silva in Solaris on June 8, 2009
On Solaris, you can use the following command to unlock a user and force them to change their password at first logon:
# passwd -f <username>
passwd: password information changed for <USER>
HP-UX password maintenance
Posted by Lincoln Zuljewic Silva in HP-UX on June 1, 2009
Here are a few utilities for maintaining user passwords:
/usr/lbin/getprpw <username> - display protected password database information
/usr/lbin/modprpw -x <username> - change password
/usr/lbin/modprpw -k <username> - unlock the user
Setting session timeout on Linux
Posted by Lincoln Zuljewic Silva in Linux on May 27, 2009
To set an automatic shell timeout on Linux (which will log off the session after X seconds), you just need to set the following variable (put it in your /etc/profile):
# echo "TMOUT=300; readonly TMOUT; export TMOUT" >> /etc/profile
The “readonly” option prevents a normal user from changing (or unsetting) it.
Locking a Linux account
Posted by Lincoln Zuljewic Silva in Linux on April 9, 2009
Before you remove an account from a system, it is a good idea to lock it for one week to make sure that no one uses it.
To lock it, you can use the following command:
# passwd -l username (where username is the login id).
After that, if someone tries to log in using this account, the system will return:
# su - foobar
This account is currently not available.