[HPADM] SUMMARY Aliasname for UNIX user

From: Paul.Soltermann@vonroll-isola.com
Date: Mon Feb 28 2005 - 02:22:01 EST


Hi,

Thanks to David Lodge and Mark Gosselin for similar statements; see below.
Meanwhile I got another suggestion from Bill Hassell, so I'm compelled to
keep my transition period for usernames really short:

And just to amplify the potential problems. You'll fail every Unix audit
for security if the output of the command: logins -d shows duplicate
usernames. This is the first technique hackers use to get into your
system.

Thank you, Bill!

Paul Soltermann

----- Forwarded by Paul Soltermann/ISOLA on 24.02.2005 13:36 -----

I had a big rant about this before.
 
The most important thing to remember is that a user in Unix terms is the
userid (119 on the below example) - the name entry in /etc/passwd or the
/tcb is just an alias to match the user authentication string (i.e. the
password).
 
So in the case below, both the username and the password match to userid
119; so both are userid 119.
 
This will work, but has potential problems with, for example, password
changing and other parts of the user security functions. Also, some dodgy
programs read /etc/passwd directly rather than using the library calls and
may not work in this state.
 
So, if you are doing this - it may work; but may cause problems, so keep
your transition period really short.
 
BTW what's wrong with just changing the usernames?
 
dave

----- Forwarded by Paul Soltermann/ISOLA on 24.02.2005 13:36 -----

"Gosselin, Mark" <gosselinm@netscout.com>
24.02.2005 13:13

 
        To: <Paul.Soltermann@vonroll-isola.com>
        Cc:
        Subject: RE: [HPADM] Aliasname for UNIX user

As long as your UID and GID are consistent, there shouldn't be any issues.
You may want to consider the possibility that changing the password for one
will not change the other. Two different password changes will need to be
made each time the password changes. Also, you're increasing, by a small
margin, the amount of administration required to maintain your user base,
because you'll need to create two accounts for every user.

 
From a functionality standpoint, there are really no ill effects that would
occur as a result.
 
Hope this helps,
 
Mark Gosselin
Sr. Unix Administrator
NetScout Systems, Inc.

                 -----Original Message-----
                 From: hpux-admin-owner@DutchWorks.nl on behalf of Paul.Soltermann@vonroll-isola.com
                 Sent: Thu 2/24/2005 4:50 AM
                 To: hpux-admin@dutchworks.nl
                 Cc:
                 Subject: [HPADM] Aliasname for UNIX user
 
 

                 Hi admins,
 
                 My Windows colleagues built a new name convention for
                 usernames. I have to reproduce this on the HP-UX environment.
 
                 I tried the following in /etc/passwd:
 
                 i08183:7JxxJTH4bFHtw:119:201:Soltermann Paul,,647,:/home/i08183:/usr/bin/ksh
                 soltermp:7JxxJTH4bFHtw:119:201:Soltermann Paul,,647,:/home/i08183:/usr/bin/ksh
 
                 A short test shows that our application accepts both
                 usernames (for the transitional period). Are there any big
                 downsides to consider?
 
                 kind regards
                 -----------------------------------------
                 Schweizerische Isola-Werke AG
                 Paul Soltermann
                 Passwangstrasse 20
                 CH-4226 Breitenbach
                 Email: paul.soltermann@vonroll-isola.com
                 -----------------------------------------
 
 
 
 

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
 
 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)
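
Added example, not part of the original thread: a portable duplicate-UID check over a passwd-format file, in the spirit of the `logins -d` audit mentioned above, for confirming that the transitional alias entries are gone afterwards. The function names and the sample file are constructed for illustration; the sample mirrors the two entries from the question with the password field replaced by `*`.

```shell
#!/bin/sh
# dup_uids FILE: print one line per UID shared by more than one login name
# in a passwd-format file, as "UID name1,name2,...".
# Hypothetical helper: it reads the file directly and does not consult
# NIS/LDAP or the HP-UX trusted-system database under /tcb.
dup_uids() {
    awk -F: '
        /^#/ || NF < 7 { next }        # skip comments and malformed lines
        {
            count[$3]++
            names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        }
        END {
            for (uid in count)
                if (count[uid] > 1)
                    print uid, names[uid]
        }
    ' "$1" | sort -n
}

# Constructed sample modelled on the entries in the question;
# "testuser" is an invented account and password fields are "*".
sample_passwd() {
    cat <<'EOF'
root:*:0:3::/:/sbin/sh
i08183:*:119:201:Soltermann Paul,,647,:/home/i08183:/usr/bin/ksh
soltermp:*:119:201:Soltermann Paul,,647,:/home/i08183:/usr/bin/ksh
testuser:*:120:201::/home/testuser:/usr/bin/ksh
EOF
}

# check_passwd FILE: list duplicates and return 1 if any exist, so the
# check can gate a cron job or an audit script.
check_passwd() {
    out=$(dup_uids "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Running `check_passwd /etc/passwd` from a scheduled job during the transition period gives a non-zero exit status for as long as any UID is still shared between names.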


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:46 EDT