Recent content by ggauthier

Rod, There are no problem with buses :D The system is in a locked cage with no fewer than 8 video cameras monitoring it. People who can unlock the cage do not have system access, and vice-versa. There are network ACLs maintained by people who do not have access to the cage or to the system...

Hi Khalid, Yes, that is what I am looking for -- but unfortunately, there are no posts confirming that it works. Which manual were you referencing? regards, glenn

(a) We've been asked to handle dual authentication for a single account; that is, one account has two passwords. Preferred is option (b) that shell access is gained after two separate accounts and their respective passwords are successfully entered. This is for a secured environment where...

It may not be enabled by default, but the Audit subsystem can track user_create information. If you're not interested in using Audit, you can update /usr/lib/security/mkuser.sys with your own logging. Here's an example entry in /usr/lib/security/mkuser.sys: echo $(date)" "$(logname)"...

Fore account creation, you can update this file to log: /usr/lib/security/mkuser.sys For example, echo $(date)"\t"$(logname)"\t"$2"\t"$1 >> /my/log/path/mk_user.log That will log the date, the user who executed the mkuser command (even if via smit), the account name and the home...

To augment my previous post, here is how we use histsize and histexpire. This may play into your SOX or other audit compliant guidelines. We set maxage=13, which would dictate that the password is changed at minimum four times per year. We set histsize=8, so in theory people could not re-use...

My standard closing for those situations is: Please do not hesitate to call if you have any questions. -glenn

Here's our method: There are three key components: a) the last time the password was changed b) the maxage of the password (in weeks) c) the password warning time (number of days to warn) To gather the data a) lssec -f /etc/security/passwd -s accountname -a lastupdate b) lsuser -a maxage...

Without checking, I agree with Ken that it is the number of passwords before reuse. There is another setting that can prohibit the reuse of a password, and that is 'histexpire' From the man page for "chuser" histexpire Defines the period of time (in weeks) that a user cannot reuse a password...

Rod, I am running 5.1.0.0 ML 05 The account I attempt to su to has the "loginretries" attribute set to three (3). When I fail, the unsuccessful_login_count increases by one (1) and a fail entry appears in the sulog. Any thoughts as to why I get different results than your own? -glenn

The unsuccessful_login_count attribute is also driven by unsuccessful "su" attempts. You will need to review /var/adm/sulog as well. -glenn

The overhead is not always 4%. $ df -k /data1 Filesystem 1024-blocks Free %Used Iused %Iused Mounted on /dev/data01 34603008 34329652 1% 17 1% /data1 The filesystem is comprised of 132 LPs @ 256 MB per. frag size = 4096 ; NBPI = 16384 ; ag = 8 As for the other...

Dictionaries are authoritative but not authoritarian. Languages would absolutely die (if we agree that they are alive to begin with) if dictionaries were the sole source of words and acceptable use. A word is not less of a word just because the entry is in m-w but not in the oed. A word is a...

If the account is coming from the NIS master, you will need to a) run the command on each system the account has access to b) learn NIS well enough that you can create your own maps and distribute c) come up with another distribution method NIS does not inherently work with user attributes...

>>Things are either "unique" or "not unique" Webster's Dictionary, copyright 1983 (hardcopy) unique: 1. having nor like or equal 2. being the only one of its kind 3. highly unusual The on-line version of the Merriam-Webster dictionary has a Usage write up that explains the three...