Folks,
I'm running a Tru64 5.1 PK5 Enhanced Security environment. Per a new (and decent) password policy that is being implemented, I need to restrict the application admin accounts so that they will su from a personal account to the administrative account (such as oracle), similar to what you need to do if root is locked down properly.
My problem is, in base security, if I lock the account, you can log in as a user, then su to it just fine. In enhanced security, you can't do that. It needs to be unlocked to be able to log into it. Does anyone know of a trick, edauth flag, etc, that needs to be set for the account to be able to be su'd to, but not directly logged in to?
Best regards,
--Blake Roberts
UNIX Systems Administrator
ERCOT-Austin
512.225.7178
512.695.5071 (cell)
Received on Thu Aug 15 2002 - 18:32:02 NZST