[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference turris::digital_unix

Title:	DIGITAL UNIX(FORMERLY KNOWN AS DEC OSF/1)
Notice:	Welcome to the Digital UNIX Conference
Moderator:	SMURF::DENHAM

Created:	Thu Mar 16 1995
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	10068
Total number of notes:	35879

10021.0. "Enhanced Security: 3 newbie questions" by NZOV02::GUTHREYCHRIS () Tue Jun 03 1997 00:52

    Hello!
    
    I have the following mail from a customer who is trying to get to grips
    with Enhanced security on Digital Unix. Unfortunately I don't have any
    experience with Enhanced security.  Is any kind person able to provide
    a quick answer to these 3 questions?
    
    Many thanks in advance
    Chris Guthrey
    
    -------------
    Problem 1.
    Prior to enabling ENHANCED security, I was able to initiate a dtterm 
    session via XDMCP indirect.  I still get the login, but the system 
    comes back and states that it has no data on my terminal in the 
    database.
    
    Problem 2.
    The root user cannot login at the system console.  The only access to 
    the root user is via su.  Even if you can su to the root user, you 
    can't run any of the security related stuff because it requires the 
    root user login at the system console.
    
    Problem 3.
    The security system keeps expiring the root user login, forcing us to 
    enter a new password each day.
    
    HELP!!!

T.R	Title	User	Date	Lines
10021.1	Read the documentation!	SMURF::MAJESKE	`Tue Jun 03 1997 13:31`	58
	First, Enhanced Security is complex and you can't just turn it on and expect it to work without understanding how to set it up and how it works. You and your customer should read the Security manual. Second, you didn't state what version of Digital UNIX the customer is using. Some of the underlying Enhanced Security functionality changed from V3.2* to V4.0. You have to know what version the customer is running in order to give the correct information. In addition to the Security manual, here are some doc references for your specific problems. Problem 1. Prior to enabling ENHANCED security, I was able to initiate a dtterm session via XDMCP indirect. I still get the login, but the system comes back and states that it has no data on my terminal in the database. The terminal must be properly defined in the Enhanced Security databases. See: man ttys.4 man devassign.4 man edauth.8 (V4.0 and later only) dxdevices online help (V4.0 and later) XSysAdmin and XIsso online help (V3.2) Problem 2. The root user cannot login at the system console. The only access to the root user is via su. Even if you can su to the root user, you can't run any of the security related stuff because it requires the root user login at the system console. Some of the "security related stuff" must be done by root and currently can't be done if root login is via su (this will be fixed in a future release). But, "root user login at the system console" is NOT required. If you're already logged in as another user, "/bin/login root" will be sufficient (provided the normal things are in place to allow root logins at that terminal - see man securettys.4). There is insufficient information here, so I can't narrow it down much. The problem could be in the protected password database, the default database, the ttys database, or the devassign database. See: XSysAdmin and XIsso online help (V3.2) Account Manager: System Defaults online help (V4.0 or later, CDE only) man prpasswd.4 man default.4 man ttys.4 man devassign.4 man securettys.4 Problem 3. The security system keeps expiring the root user login, forcing us to enter a new password each day. See: man prpasswd.4 man default.4 XSysAdmin and XIsso online help (V3.2) Account Manager online help (V4.0 and later, CDE only)
10021.2	Thanks!	NZOV02::GUTHREYCHRIS	`Tue Jun 03 1997 18:46`	7
	Many thanks for your references! Sorry for omitting version - it is: 4.0B I shall followup with customer. Chris G.