Solved

students failing to run keylogin get locked out of their accounts once global read access of the password table is disabled

Posted on 2003-10-21
4
199 Views
Last Modified: 2013-12-27
I have inherited a set of nis+ systems, which I think has not been properly configured.  My own nis+ knowledge is not sufficient yet to solve the dilemma.

currently the passwd.org_dir table is gloabally readable - not a good thing.  If I restrict read access with a nistbladm -u  passwd=w-r passwd.org_dir then users who have neglected to run keylogin and change their passwords get locked out and I have to jump through hoops to change their password and then do a chkey -p

How can I tell if a user has run keylogin.  If I could generate a list of those who have not run keylogin I could figure out which accounts I have to fix.  FYI rather a lot, 4K+, of accounts..




0
Comment
Question by:AlastairNeil
4 Comments
 
LVL 18

Expert Comment

by:liddler
Comment Utility
Can't you either tell all users to run keylogin or put it into everyone's .profile, so it run's the next time they login and the deletes itself from their .profile
i.e.
something like:
for file in ls /home/*/.profile
do
cp .profile .profile.sav
echo keylogin >> .profile
echo mv .profile.sav .profile >> .profile
done
0
 

Author Comment

by:AlastairNeil
Comment Utility
There has been a message in the motd for weeks instructing everyone to keylogin and change passwords, however students being students a percentage of them will ignore it and a percentage of them will not access their account until they actually need to work on a project.

Putting keylogin in the .profile does not really address my problem, I could easily wrap keylogin in a script that logs the uid of those running it, but I want to find those that have already run it, or more importantly those that have not run it yet.
0
 

Accepted Solution

by:
modulo earned 0 total points
Comment Utility
PAQed, with points refunded (100)

modulo
Community Support Moderator
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
wget saving web page help 4 66
AIX Server 10 74
Python Assistance 7 30
what is the difference between "sudo su" and "su - root" 6 66
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now