From: Brehl, Blake (Blake.Brehl@anritsu.com)
Date: Thu Aug 29 2002 - 15:11:30 EDT
Original post below. Many thanks to Ann Majeske, as this had to do with the
psuedo device limit (several people were hitting the server while there was
/etc/nologin lockout):
:t_maxtries#10
in the /etc/auth/system/default file. This failure was occuring almost
consistently, but sometimes we were getting in.
Used edauth -g dt > somefilename
and searched for t_failures#10 where the number was 10 or greater. Find
the associated t_devname, like t_devname=pts/101. Set your editor to vi and
edit with:
edauth -dt pts/101
to replace the number 10 with 0 or remove the t_failures entry entirely.
Another lock to look for is l_lock: where as l_lock@: is fien and unlocked.
Depending on your security you can add t_maxtries## to specific pty's using
edauth -dt pty#, or up it for all in the default file.
Best Regards, Blake
Ann Majeske's post>>>>
Since your message is "Terminal is disabled" your problem
is probably in the ttys database (see man ttys). It could
also be in the default database (see man default). You can
view and/or modify the contents of these databases with
the edauth command. There's probably a way to manipulate
the ttys database with the dxaccounts GUI, but I don't know
how to do that offhand.
Most likely, some of your ttyp* entries in the ttys database
have a t_failures value higher than t_maxtries. This is
most likely due to other people failing to login because
they're new users and/or you confused them by requiring them
to change their passwords :) I'd just use edauth to remove
the t_failures field from the offending ttyp* entries. If
this happens often, you might also want to consider upping
the value of t_maxtries in the default file.
You might want to try using the authck command to make sure
you don't have any corruption in the databases.
<<<<<end Ann's post
original post>>>>>
Hello,
I was doing some usermod changes, and now have the message:
Terminal is disabled -- See Account Adminsitrator
for telnet sessions for the root account (we do desire that the root can
telnet in).
Tru64UNIX 5.1 ENHANCED
The command I was running were: usermod -x passwd_must_change=1 $username
usermod -x
administrative_lock_applied=1 $username
in a loop against a text list of accounts. There were 3 failures on
passwd_must_change for disabled accounts.
It's a GS80 and I have the SMC console (serial) but no CDE.
The etc/securettys entries are: /dev/console
local:0
:0
ptys
There is no /etc/nologin file
Time is off essance. Any ideas how to correct this?
Best Regards, Blake
This message is intended for the use of the individual/entity to whom it is addressed. This message may contain privileged information exempt from disclosure. If you are not the addressee, distribution or copying of this message, or dissemination of the information contained herein is strictly prohibited. If you should receive this message in error, please destroy it, or return to sender, Thank You
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:50 EDT