SUMMARY: mistirious login problem
2007-12-24 21:05:00
>I've been administrating Solaris systems for more then five years (full time),
>but today I've encoutered a very strange login problem to one of our servers
>(Solaris 8, bsm activated).
>
>ONE particular user cannot login to his account, he always gets "permission
>denied". I've changed is password multiple times, but the only way to get into
>his account is to "su" to it. I've checked everything I could imagine that
>could be the cause...
>
>After some time I created a test account. With that account I was able to log
>in normaly. Then I changed the UID of this account to the same as the "locked"
>account and - i get "permission denied"! It looks to me as something in the
>system has locked that UID out of the system, but I have no idea what I could
>do to unlock that account.
##############
And the oscar goes to: casper dik (as so many other times before)
Date: Thu, 25 Oct 2001 15:59:33 +0200
From: Casper Dik <Casper.Dik at Sun.COM>
To: Dieter Gobbers <gobbers at faw.uni-ulm.de>
Subject: Re: mistirious login problem
Ah, one of my favourite problems. We've actually changed Solaris 9 such
that the act of changign the password will fix this. Login will now
take both the loginlog field and the last password change field into
account to determine how long an account was inactive. (And takes the
youngest of the two dates, preventing login problems when recycling uids.))
The solaris FAQ says:
5.25) One of my users can't login (one some machines).
In the shadow table/file/map there is a field that indicates how
long an account may be inactive before it is expired. On login,
the entry in /var/adm/lastlog, the inactive expire time and the
current date are compared. If the system determines that the user
is expired, he will get "Login incorrect", indiscernible from a
normal incorrect login. The fix is to change the user's shadow
entry.
--- end of excerpt from the FAQ
The most recently posted version of the FAQ is available from
<http://www.wins.uva.nl/pub/solaris/solaris2/>
##############
Other nice guys who offered their wisdom:
JULIAN, JOHN C. \(AIT\) <jj2195 at sbc.com>
Hindley Nick <nick.hindley at lbhf.gov.uk>
Piard, Frederic <Frederic.Piard at lexiquest.fr>
Glass, David \(UDB\) <GlassD at bp.com>
Sudheesh Krishnankutty <sudheesh at softjin.com>
Martin Hepworth <maxsec at totalise.co.uk>
Salum, Felipe Bariani <felipebariani.salum at eds.com>
MANY THANKS TO ALL OF YOU!
Next time I should take a look into the FAQ. But I didn't expect that problem
to be that common...
Thanks again,
Dieter Gobbers
Comments
Got something to say?
You must be logged in to post a comment.
