Hi guru's,
I only had one response to this email, which was from
Jeff Borah <jeff_at_snyfarvg.cc.farmingdale.edu>
who put me on the right track to finding a solution to my problem, ( the
original posting follows the summary).
Jeff suggested that I should install tcpwrappers to monitor where the
failed logins were coming from, eg. an unwanted site. tcpwrapper can be
found at
ftp://ftp.win.tue.nl:/pub/security/
Our machine isn't connected to the outside world, however after installing
tcpwrapper I have found that one of our terminal servers is causing the
problem. It is constantly sending login messages to the machine for some
reason, so I'll have to sort that one out.
So thanks to Jeff for suggesting to install tcpwrapper and pointing me in
the right direction.
Cheers
Glenn.
____________________________________________________________________________
___
Original message
We have recently turned on the /var/adm/sialog so that we can track failed
logins. We have been having problems with DU3.2g disabling terminals, which
ofcourse stops users from logging in. Since turning it on I have now found
that hundreds of times every day we are getting the message
Failure to authenticate session for (null) on /dev/ttyp1
or
Failure to authenticate session for on /dev/ttyp2
This causes DU3.2g to disable /dev/ttyp1 which is the first tty that DU
tries to allocate to someone when they login.
I have absolutely no idea why we are getting these messages, or where to
start looking. Can anyone shed some light on this for me? Any help would be
greatly appreciated.
TIA
Glenn.
B&D Australia - The garage door people.
.
,--_|\ Glenn Newbery Email : glenn_at_bnd.com.au
/ B&D \ Systems Manager Voice : +612 9722 5631
\_,--\_/ Fax : +612 9772 3830
v
Received on Wed Sep 23 1998 - 02:26:14 NZST