SUMMARY: C2 Security and disabled accounts from Per Andersen on 1998-01-31 (tru64-unix-managers)

From: Per Andersen <p.andersen_at_ttu.edu>
Date: Fri, 30 Jan 1998 17:04:12 -0600

I want to thank Matthias E. Johnson for this solution that worked on my
Digital UNIX 4.0B system.

On 30 Jan, Per Andersen wrote:
> Has anyone written a C2 aware program that can unlock a disabled account
> form the command line? I want to add account unlocking capabilities to the
> Internet Alphaserver System Software (IASS) package that Digital
> distributes. At the moment I have an account clerk with the ability to
> created, deleted and change passwords through the web account management
> tool that comes with IASS. The only thing the clerk can't do is unlock
the
> account. I like the web account tool because it is password protected and
I
> have set the system up so that it can be accessed only from selected IP
> addresses.
We use two shell scripts to unlock and lock accounts. They follow (the
first is to unlock, the second to lock an account) Each take a userid
as parameter.
---------------------------------------------------------------------------
#!/usr/bin/bash
# unlock account
if test -n "`/usr/tcb/bin/edauth -g $1 | grep u_lock`" ; then
    if test -n "`/usr/tcb/bin/edauth -g $1 | grep u_lock_at_`" ; then
        echo already unlocked
    else
        echo unlocking
        /usr/tcb/bin/edauth -g $1 | sed 's/:u_lock:/:u_lock_at_:/' |
/usr/tcb/bin/e
dauth -s
    fi
else
    echo unlocking
    /usr/tcb/bin/edauth -g $1 | sed 's/:chkent:/:u_lock_at_:chkent:/' |
/usr/tcb/bi
n/edauth -s
fi
-------------------------------------------------------------------------
#!/usr/bin/bash
#lock
if test -n "`/usr/tcb/bin/edauth -g $1 | grep u_lock`" ; then
    if test -n "`/usr/tcb/bin/edauth -g $1 | grep u_lock_at_`" ; then
        echo locking
        /usr/tcb/bin/edauth -g $1 | sed 's/:u_lock_at_:/:u_lock:/' |
/usr/tcb/bin/e
dauth -s
    else
        echo already locked
    fi
else
    echo locking
    /usr/tcb/bin/edauth -g $1 | sed 's/:chkent:/:u_lock:chkent:/' |
/usr/tcb/bin
/edauth -s
fi
---------------------------------------------------------------------------

--
- johnny waveswaveswaves bye-bye
Matthias E. Johnson
http://krypton.mankato.msus.edu/~matthias/html/
matthias.johnson_at_mankato.msus.edu
finger matthias_at_krypton.mankato.msus.edu for pgp public key

Received on Sat Jan 31 1998 - 00:00:53 NZDT

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:37 NZDT