Re: dtlogin

From: Casper Dik (Casper.Dik@Sun.COM)
Date: 12/29/01


To: Kapetanakis Giannis <bilias@edu.physics.uoc.gr>
Date: Sat, 29 Dec 2001 11:48:50 +0100
From: Casper Dik <Casper.Dik@Sun.COM>


>Does anyone know a way i would prevent logins with dtlogins
>directly on system console for a nis client, but allow normal
>logins (ssh)

You want to disable dtlogin *on the console*?

>I'm looking for a clean way, and not changing the default shell
>for nis users....

There's no supported way to distinguish between NIS users and others
other than using the "compat" nsswitch option and playing tricks with
their password entries.

Why do you want to disable console logins for NIS users but allow them
ssh access?

Or did I misunderstand the question and is what you really want disabling
dtlogin over the network? That is easily solved:

The solaris FAQ says:

3.59) How can I restrict remote access through dtlogin?

    Copy to /usr/dt/config/Xaccess file to /etc/dt/config.

    Comment out the following lines if you want to fully restrict access:

     * # grant service to all remote displays
     * CHOOSER BROADCAST #any indirect host can get a chooser

    The dtlogin(1x) manual page explains how to have more fine grained
    control.

    --- end of excerpt from the FAQ

The most recently posted version of the FAQ is available from
<http://www.wins.uva.nl/pub/solaris/solaris2/>