LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices

Reply
 
Search this Thread
Old 11-08-2008, 02:24 AM   #1
as400
Member
 
Registered: Apr 2004
Location: USA
Distribution: Solaris 10 (x86) and Windows XP Pro SP2
Posts: 596

Rep: Reputation: 30
Solaris Security Question...A cause of Concern !


Ok, at our work, we have to logon to a E25K Sun Fire server running Solaris 10 from our Windows workstations using an emulator.

Now, we also have an OpenVMS server that we connect to and its pretty much secure because it does not allow us to login with several user IDs. Only one user ID at a time.

For example:

Most of the time, many of my users forget their passwords and what they do, is that they borrow someone elses user ID and password until the UNIX admins reset it....Now, the UNIX server, allows that user that got the other employees user ID and password to logon...

As for OpenVMS....when trying to logon with somenone elses user ID, the server says...ANOTHER USER IS LOGGED ON ALREADY...and the session terminates from the server...

UNIX, does NOT even do that, and I think its a security concern.

So I do have to ask a UNIX security expert out here, that how can I make a Solaris server to only limit ONE USER ID at a time to logon so when an employee tends to ask another employees ID and password, I DO NOT want that person to logon using another employees password???

So how can I make my Solaris server here at home to only limit ONE user ID to logon?
 
Old 11-08-2008, 05:19 AM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Ummm, as far as I'm aware, Unix has never limited users to one login per user. It's never been seen as a security risk either - if someone else has your password, then all they'd have to do is wait until you log out, so not much protection there. It's also a serious pain in the ass if your xterm falls over and leaves you logged into a remote machine.

If you really wanted to implement this yourself (I run a production host that does this, but for licensing reasons with a 3rd party application), you could put a check in users' .profile to see if there's already a login running for that user, and exit if so. Don't forget to 'chown root .profile; chmod 700 .profile', though.

I'd advise against it, though. You don't gain any measurable security and you could leave yourself locked out from a machine.

Dave
 
Old 11-08-2008, 05:30 AM   #3
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
It's a 5 second job to implement limit on number of user logins on Linux:

In /etc/security/limits.conf add the following line:
Quote:
* - maxlogins 1
Where '*' is a wildcard - instead you can use a specific user name or a group name (with preceding @) i.e. @users.

Of course instead of 'maxlogins 1', which would limit to only one login you can use any other number.

But the above is on Linux - I have no idea about Solaris. I'd be surprised if it didn't provide a similar functionality. I have checked out OpenSolaris and yet couldn't find anything - OpenSolaris' documentation sucks big time.
 
Old 11-08-2008, 06:33 AM   #4
as400
Member
 
Registered: Apr 2004
Location: USA
Distribution: Solaris 10 (x86) and Windows XP Pro SP2
Posts: 596

Original Poster
Rep: Reputation: 30
I have been Googling this and found out the results below...I hope...

http://www.unix.com/sun-solaris/1920...-sessions.html
 
Old 11-08-2008, 06:59 AM   #5
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
Yup, in the link you provided the solution in post 7 by zazzybob works fine.

Not very elegant though.
 
Old 11-09-2008, 05:20 AM   #6
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,493

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
Quote:
Originally Posted by as400 View Post
Most of the time, many of my users forget their passwords and what they do, is that they borrow someone elses user ID and password until the UNIX admins reset it....Now, the UNIX server, allows that user that got the other employees user ID and password to logon...
This is the real security issue you have: users forgetting their password and borrowing other people ones instead of using a self service solution to reset them.

What I would do is to centralize the users credentials in a single repository (ldap server) and/or have an identity management solution synchronizing the Windows and Unix passwords.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Browser password security concern i_nomad Linux - Security 5 09-16-2008 09:12 AM
Possible Security Concern? keysorsoze Linux - Security 2 12-15-2006 01:36 PM
usermin or openwebmail security concern? taiwf Linux - Security 2 04-26-2006 11:21 PM
A security concern! Please advise! vharishankar General 5 11-30-2004 10:05 AM
Security concern linuxRules Linux - General 3 05-22-2002 01:23 PM


All times are GMT -5. The time now is 07:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration