Original Question: >I've been administrating Solaris systems for more then five years (full time), >but today I've encoutered a very strange login problem to one of our servers >(Solaris 8, bsm activated). > >ONE particular user cannot login to his account, he always gets "permission >denied". I've changed is password multiple times, but the only way to get into >his account is to "su" to it. I've checked everything I could imagine that >could be the cause... > >After some time I created a test account. With that account I was able to log >in normaly. Then I changed the UID of this account to the same as the "locked" >account and - i get "permission denied"! It looks to me as something in the >system has locked that UID out of the system, but I have no idea what I could >do to unlock that account. ############## And the oscar goes to: casper dik (as so many other times before) Date: Thu, 25 Oct 2001 15:59:33 +0200 From: Casper Dik <Casper.Dik@Sun.COM> To: Dieter Gobbers <gobbers@faw.uni-ulm.de> Subject: Re: mistirious login problem Ah, one of my favourite problems. We've actually changed Solaris 9 such that the act of changign the password will fix this. Login will now take both the loginlog field and the last password change field into account to determine how long an account was inactive. (And takes the youngest of the two dates, preventing login problems when recycling uids.)) The solaris FAQ says: 5.25) One of my users can't login (one some machines). In the shadow table/file/map there is a field that indicates how long an account may be inactive before it is expired. On login, the entry in /var/adm/lastlog, the inactive expire time and the current date are compared. If the system determines that the user is expired, he will get "Login incorrect", indiscernible from a normal incorrect login. The fix is to change the user's shadow entry. --- end of excerpt from the FAQ The most recently posted version of the FAQ is available from <http://www.wins.uva.nl/pub/solaris/solaris2/> ############## Other nice guys who offered their wisdom: JULIAN, JOHN C. \(AIT\) <jj2195@sbc.com> Hindley Nick <nick.hindley@lbhf.gov.uk> Piard, Frederic <Frederic.Piard@lexiquest.fr> Glass, David \(UDB\) <GlassD@bp.com> Sudheesh Krishnankutty <sudheesh@softjin.com> Martin Hepworth <maxsec@totalise.co.uk> Salum, Felipe Bariani <felipebariani.salum@eds.com> MANY THANKS TO ALL OF YOU! Next time I should take a look into the FAQ. But I didn't expect that problem to be that common... Thanks again, Dieter GobbersReceived on Thu Oct 25 15:36:32 2001
This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:34 EDT