| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
Securing Logins and Passwords (Tasks)
Securing Logins and Passwords (Task Map)
How to Change the root Password
How to Display a User's Login Status
How to Display Users Without Passwords
Changing the Default Algorithm for Password Encryption (Tasks)
How to Specify an Algorithm for Password Encryption
How to Specify a New Password Algorithm for an NIS Domain
How to Specify a New Password Algorithm for an LDAP Domain
Monitoring and Restricting root Access (Tasks)
How to Monitor Who Is Using the su Command
How to Restrict and Monitor root Logins
Controlling Access to System Hardware (Tasks)
How to Require a Password for SPARC Hardware Access
How to Disable a System's Abort Sequence
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Verifying File Integrity by Using BART (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Security Attributes in Oracle Solaris (Reference)
Part IV Cryptographic Services
11. Cryptographic Framework (Overview)
12. Cryptographic Framework (Tasks)
Part V Authentication Services and Secure Communication
14. Using Pluggable Authentication Modules
17. Using Simple Authentication and Security Layer
18. Network Services Authentication (Tasks)
19. Introduction to the Kerberos Service
20. Planning for the Kerberos Service
21. Configuring the Kerberos Service (Tasks)
22. Kerberos Error Messages and Troubleshooting
23. Administering Kerberos Principals and Policies (Tasks)
24. Using Kerberos Applications (Tasks)
25. The Kerberos Service (Reference)
You can limit remote logins, require users to have passwords, and require the root account to have a complex password. You can also display a security message to users, monitor failed access attempts, and disable logins temporarily.
The following task map points to procedures that monitor user logins and that disable user logins.
|
When you change the root password, you must comply with the password requirements that apply to all users of the system.
Before You Begin
You must assume the root role. For more information, see How to Use Your Assigned Administrative Rights.
# passwd root New Password: Re-enter new Password: passwd: password successfully changed for root
A message prints to the screen if your password does not conform to requirements. The messages are informative. After three attempts, you must run the command again to change the password.
passwd: Password too short - must be at least 6 characters. passwd: The password must contain at least 2 alphabetic character(s). passwd: The password must contain at least 1 numeric or special character(s).
Before You Begin
You must assume the root role. For more information, see How to Use Your Assigned Administrative Rights.
# logins -x -l username
Displays an extended set of login status information.
Displays the login status for the specified user. The variable username is a user's login name. Multiple login names are separated by commas.
The logins command uses the appropriate password database to obtain a user's login status. The database can be the local /etc/passwd file, or a password database for the naming service. For more information, see the logins(1M) man page.
Example 3-1 Displaying a User's Login Status
In the following example, the login status for the user jdoe is displayed.
# logins -x -l jdoe
jdoe 500 staff 10 Jaylee Jaye Doe
/home/jdoe
/bin/bash
PS 010103 10 7 -1Identifies the user's login name.
Identifies the user ID (UID).
Identifies the user's primary group.
Identifies the group ID (GID).
Identifies the comment.
Identifies the user's home directory.
Identifies the login shell.
Specifies the password aging information:
Last date that the password was changed
Number of days that are required between changes
Number of days before a change is required
Warning period
Before You Begin
You must assume the root role. For more information, see How to Use Your Assigned Administrative Rights.
# logins -p
The -p option displays a list of users with no passwords. The logins command uses the passwd database from the local system unless a distributed naming service is specified in the password property of the system/name-service/switch service.
Example 3-2 Displaying Accounts Without Passwords
In the following example, the user pmorph and the role roletop do not have passwords.
# logins -p pmorph 501 other 1 Polly Morph roletop 211 admin 1 Role Top #
Temporarily disable user logins during system shutdown or routine maintenance. root logins are not affected. For more information, see the nologin(4) man page.
Before You Begin
You must become an administrator who is assigned the solaris.admin.edit/etc/nologin authorization. By default, the root role has this authorization. For more information, see How to Use Your Assigned Administrative Rights.
# pfedit /etc/nologin
For an example of using the solaris.admin.edit/etc/nologin authorization, see Example 3-3.
Example 3-3 Disabling User Logins
In this example, a user is authorized to write the notification of system unavailability.
% pfedit /etc/nologin ***No logins permitted.*** ***The system will be unavailable until 12 noon.***
To monitor all failed login attempts to the system, refer to the audit trail that is generated by the auditing service. For more information , see Part VII, Auditing in Oracle Solaris.
|