Preventing application account access

From: Roberts, Blake (broberts@ercot.com)
Date: Thu Aug 15 2002 - 14:31:49 EDT


Folks,

I'm running a Tru64 5.1 PK5 Enhanced Security environment. Per a new (and decent) password policy that is being implemented, I need to restrict the application admin accounts so that they will su from a personal account to the administrative account (such as oracle), similar to what you need to do if root is locked down properly.

My problem is, in base security, if I lock the account, you can log in as a user, then su to it just fine. In enhanced security, you can't do that. It needs to be unlocked to be able to log into it. Does anyone know of a trick, edauth flag, etc., that needs to be set for the account to be able to be su'd to, but not directly logged in to?

Best regards,

--Blake Roberts
UNIX Systems Administrator
ERCOT-Austin
512.225.7178
512.695.5071 (cell)


