Video Screencast Help

Validate unix user account for NetBackup Java Console 7.x

Created: 24 Feb 2012 | 3 comments
sssoria's picture
0 Agree
0 Disagree
0 0 Votes
Login to vote

If a unix user account of the master server is locked, still can access to Java console. We have implemented security policies in unix servers to change password each 3 months, and if the password is not changed the account is locked. If my account is locked I still can connect to NetBackup Java Console. Please add a check of unix user account state before allow access to NetBackup Java Console.

Comments 3 CommentsJump to latest comment

revaroo's picture

sssoria, 

In what way is the account "locked"? Is the password field modified or the shell changed? 

If the password field is changed (by adding some random entry such as the string LOCKED then the user account will not be able to login to the Java Console as the password will not work.

If the shell is changed to something like /bin/false, the user account will still be allowed to login to the Java console.

It might be a good idea to check if no valid shell is in place to disallow login to the java console though.

 

Hope this helps.

0
Login to vote
sssoria's picture

Hi Revaroo

    Thanks for the response. The account is locked by password expiration, is managed by AIX. Your commentary aren´t applicable in this case because the users locked are Administrators of NetBackup but not of AIX. Then, they have the shell "/usr/bin/passwd" for change password (can´t change password from netbackup console), in our enterprise there are strict security rules to change passwords periodically. And if I put some random string in password field the users can´t login to change your account password.

Thanks and Regards

Sergio.

 

0
Login to vote
RadovanTuran's picture

You can use PAM for GUI logon too. Use the PAM property "nbu" and configure is as you wish (I just used copy of PAM config file for sshd)

0
Login to vote