From: Abigail Date: 19:54 on 15 Feb 2006 Subject: Locked user --1SQmhf2mF2YjsYvc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable So, there's this AIX box I've to work with. And on this AIX box, there's a user account I often need to work with. So, I want to be able to ssh to that user directly, instead of using ssh & su. I add my public key to the users authorized_keys file, and try to ssh. Failure. Checking the logs, it turns out that permission is denied because there are to many failed attempts. Now I have root on the box, but it's been more than a decade since I=20 last did any administration on an AIX box. Hence, I dive in the manual pages to find out how to fix this. After some digging, there's the command 'chkusr' that looks promising. Indeed, it reports the user has too many failed login attempts, and there's even an option to fix this. So, I run chkusr with the repair option, and it's fixed. Except that it now reports that the account is locked, and it can't fix that. And of course, ssh still doesn't work. Back to the manual pages. Ah, there's SMIT with the 'chuser' argument - for changing user parameters. Just what I need. And there it is, "account locked" is set to true. I switch it to false. Save and quit. Try ssh again. Failed. Too many failed login attempts. WTF? Run SMIT again. The account isn't locked. 'chkusr' says the user has too many failed login attempts, but it can fix that. And so it does. But that results in the account being locked again. Each time when I run 'SMIT chuser' to unlock the account, it starts thinking that the account has too many failed login attempts, and when I use 'chkusr' to unset this flag, the account becomes locked. Only later I learn that if you run SMIT with a different command, you can set even more user parameters, including both the 'locked' and the 'too many failed login attempts' flags. Abigail --1SQmhf2mF2YjsYvc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFD84cFBOh7Ggo6rasRAhQ4AKCr9qiUu5WOSNVKJkRx0DLj5lWnqACgpDrf bJJq5UXIFKsJvAz9uVCXYa8= =+smE -----END PGP SIGNATURE----- --1SQmhf2mF2YjsYvc--
From: Nicholas Clark Date: 20:04 on 15 Feb 2006 Subject: Re: Locked user On Wed, Feb 15, 2006 at 08:54:45PM +0100, Abigail wrote: > > So, there's this AIX box I've to work with. [snip] 'nuff said. ("AIX is pain, Highness. Anyone who says differently is an IBM salesdrone") Nicholas Clark
From: John Handelaar Date: 20:13 on 15 Feb 2006 Subject: Re: Locked user Nicholas Clark wrote: > On Wed, Feb 15, 2006 at 08:54:45PM +0100, Abigail wrote: > >>So, there's this AIX box I've to work with. [snip] > > > 'nuff said. > > ("AIX is pain, Highness. Anyone who says differently is an IBM salesdrone") And it's pronounced 'aches', for the record. jh
From: Jarkko Hietaniemi Date: 06:38 on 16 Feb 2006 Subject: Re: Locked user John Handelaar wrote: > Nicholas Clark wrote: >> On Wed, Feb 15, 2006 at 08:54:45PM +0100, Abigail wrote: >> >>> So, there's this AIX box I've to work with. [snip] >> >> 'nuff said. >> >> ("AIX is pain, Highness. Anyone who says differently is an IBM salesdrone") > > And it's pronounced 'aches', for the record. I kept spelling it AIDX... > jh >
From: Rhesa Rozendaal Date: 20:35 on 15 Feb 2006 Subject: Re: Locked user Nicholas Clark wrote: > On Wed, Feb 15, 2006 at 08:54:45PM +0100, Abigail wrote: > >>So, there's this AIX box I've to work with. [snip] > > > 'nuff said. > > ("AIX is pain, Highness. Anyone who says differently is an IBM salesdrone") > It's the french name of a german city, for crying out loud!
From: Artur Bergman Date: 21:35 on 15 Feb 2006 Subject: Re: Locked user On 15 Feb 2006, at 12:35, Rhesa Rozendaal wrote: > Nicholas Clark wrote: >> On Wed, Feb 15, 2006 at 08:54:45PM +0100, Abigail wrote: >>> So, there's this AIX box I've to work with. [snip] >> 'nuff said. >> ("AIX is pain, Highness. Anyone who says differently is an IBM >> salesdrone") > > It's the french name of a german city, for crying out loud! HAHAHAHAHAHAHAHA made my day :) artur
Generated at 10:26 on 16 Apr 2008 by mariachi