Solaris / OpenSolaris
This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.
Distribution: Solaris 10 (x86) and Windows XP Pro SP2
Solaris Security Question...A cause of Concern !
OK, at our work, we have to log on to an E25K Sun Fire server running Solaris 10 from our Windows workstations using an emulator.
Now, we also have an OpenVMS server that we connect to, and it's pretty much secure because it does not allow us to log in with several user IDs. Only one user ID at a time.
For example:
Most of the time, many of my users forget their passwords, and what they do is borrow someone else's user ID and password until the UNIX admins reset it... Now, the UNIX server allows the user who got the other employee's user ID and password to log on...
As for OpenVMS... when trying to log on with someone else's user ID, the server says ANOTHER USER IS LOGGED ON ALREADY, and the session terminates from the server...
UNIX does NOT even do that, and I think it's a security concern.
So I do have to ask a UNIX security expert out here: how can I make a Solaris server limit logons to only ONE USER ID at a time, so that when an employee asks for another employee's ID and password, that person CANNOT log on using the other employee's password?
So how can I make my Solaris server here at home limit logons to only ONE user ID?
Ummm, as far as I'm aware, Unix has never limited users to one login per user. It's never been seen as a security risk either - if someone else has your password, then all they'd have to do is wait until you log out, so not much protection there. It's also a serious pain in the ass if your xterm falls over and leaves you logged into a remote machine.
If you really wanted to implement this yourself (I run a production host that does this, but for licensing reasons with a 3rd party application), you could put a check in users' .profile to see if there's already a login running for that user, and exit if so. Don't forget to 'chown root .profile; chmod 700 .profile', though.
I'd advise against it, though. You don't gain any measurable security and you could leave yourself locked out from a machine.
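The login-time check described in the reply above, sketched as an added example (not code from the poster or the thread). It assumes a POSIX shell; the function names, the root exemption and the sample `who` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: single-session check for a login script.
# Constructed sample of who(1) output (not taken from a real host).
SAMPLE_WHO='alice      pts/1        Mar  3 09:12    (10.0.0.5)
bob        pts/2        Mar  3 09:15    (10.0.0.7)
alice      pts/4        Mar  3 09:40    (10.0.0.9)
alicia     console      Mar  3 08:01'

# count_sessions USER: read who(1)-format lines on stdin and print how many
# belong to exactly USER. The first field is compared as a whole word, so
# "alice" does not match "alicia".
count_sessions() {
    n=0
    while read -r name rest; do
        if [ "$name" = "$1" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# login_allowed USER MAX: return 0 if the login may proceed, 1 otherwise.
# who(1) output is read on stdin. The session running the check is already
# listed there, so MAX=1 means "this session and no other".
login_allowed() {
    user=$1
    max=$2
    # Assumption of this example: never refuse root. A stale session entry
    # left by a crashed terminal would otherwise block the account needed
    # to clear it, which is the lock-out risk the reply warns about.
    if [ "$user" = "root" ]; then
        return 0
    fi
    n=$(count_sessions "$user")
    [ "$n" -le "$max" ]
}

# Hypothetical use in a login script:
#   who | login_allowed "$LOGNAME" 1 || { echo "Already logged in." >&2; exit 1; }
```

The check only counts entries that `who` reports, so it fails closed when a dead session has not yet been cleaned up and it does nothing about the shared password itself.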
It's a 5 second job to implement a limit on the number of user logins on Linux:
In /etc/security/limits.conf add the following line:
Quote:
* - maxlogins 1
Where '*' is a wildcard - instead you can use a specific user name or a group name (with preceding @) i.e. @users.
Of course instead of 'maxlogins 1', which would limit to only one login you can use any other number.
But the above is on Linux - I have no idea about Solaris. I'd be surprised if it didn't provide a similar functionality. I have checked out OpenSolaris and yet couldn't find anything - OpenSolaris' documentation sucks big time.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Quote:
Originally Posted by as400
Most of the time, many of my users forget their passwords, and what they do is borrow someone else's user ID and password until the UNIX admins reset it... Now, the UNIX server allows the user who got the other employee's user ID and password to log on...
This is the real security issue you have: users forgetting their passwords and borrowing other people's instead of using a self-service solution to reset them.
What I would do is centralize the users' credentials in a single repository (LDAP server) and/or have an identity management solution synchronizing the Windows and Unix passwords.