Prevent root login LXDM

Dear forum readers,
I'm using LXDM as my display manager and I want to prevent root from logging in. In the config file /etc/lxdm/lxdm.conf I noticed that I can disable the user list and blacklist users. Sadly when blacklisting root, it really doesn't do anything.
Anybody who can advice?
Regards,
Alex

I've recently discovered that I can disable root login by changing the /etc/pam.d/lxdm file. Currently the PAM file for LXDM looks like this:
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_unix.so
account required pam_unix.so
session required pam_limits.so
session required pam_unix.so
password required pam_unix.so
I have no clue however how to do it properly. All the examples I found online were for GDM.

Similar Messages

How to prevent multiple logins by using HttpBindingListener

Hi,
Can anyone tell me how do i actually use session to prevent multiple login from different machine? From my understanding, i need to use HttpBindingListener to valueBound and valueUnbound when user tries to login, but i encounter a problem is my session is always overwritten since i use setAttribute() method in servlet.
For instance i use username(aaa & bbb) to login in two different machine, my login is always overwritten if i use username bbb to login after username aaa. i know it is because setAttribute() method overwrite existing session data, so i would like to know what other method should i use to achieve what i want, tks.

Hi,
This is the logic for session :
Connect to db for verification, once verified, system return a UserBean and this UserBean will be set in ClientSecurityEngine
When this particular user has been successfully verified, a new session will be created
if(success)
    session = request.getSession();
    User user;
    synchronized(session)
    user = (User) session.getAttribute("user");
    if(user == null)
       user = new User(ClientSecurityEngine.getInstance().getUserBean().getUsername());
       session.setAttribute("user", user);
/* User class */
public class User implements HttpSessionBindingListener {
    private static Map<String, HttpSession> logins = Collections.synchronizedMap(new HashMap<String, HttpSession>());
    private String username;
    public User(String username) {
        this.username = username;
    public String getUsername() {
        return username;
    @Override
    public void valueBound(HttpSessionBindingEvent event) {
        if (logins.containsKey(getUsername())) {
            HttpSession session = logins.remove(getUsername());
            if (session != null) {
                session.invalidate();
            logins.put(getUsername(), event.getSession());
        } else {
            logins.put(getUsername(), event.getSession());
    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        logins.remove(getUsername());
}Edited by: EJP on 21/07/2011 14:22: added {noformat}{noformat} tags so we can actually read your code. Please use them.

Root login

Hello all,
I've a problem with root login password in Solaris.
After I installed a patch the root password became empty, so to login as root I don't have to type any password, just username: root.
I've tried the passwd command but it still doesn't work, it asks for password when I type su but still automatically logs in with root username and don't ask the password ...
Does anyone knows how can I solve this?
Thanks!!!

Have you check the /etc/passwd and /etc/shadow file status. try running pwconv command and try set a password

How to prevent re-login when switching in the application between different module in 6.1.1.1.11?

How to prevent re-login when switching in the application between different module in 6.1.1.1.11?
Please help me to figure out this or resolve this issue?

Be sure to check that your Remoting Container service is running. If it is not, restart the service, and if it goes down again, check the event logs.
Make sure that the AuthenticationBridgeService is enabled in your EnvironmentSettings.config, and the remoting container user is configured using the SetupAssistant.
<RemotingContainer>
         <ConfigInfo configChildKey="key">
               <add key="UserID" value="@@VAR:Prodika.RemotingContainer.SysUser@@" />
         </ConfigInfo>
        
         <RemoteServices configChildKey="name">
             <Service
                 name="AuthenticationBridgeService"
                 port="@@VAR:Prodika.AuthenticationBridge.Port@@"
                 isActive="true" />
If the Remoting Container Service fails, please contact Support with details from the event logs.

Control root login

Hi,
Does there is any option to control root login via ssh or su. At a time only one person can login via ssh or su
If any other trying to access it will throws error like "Already in use"
Regards
Siva

Through SSH, You can use PermitRootLogin directive to control root login.
To allow specific users to ssh, use AllowUsers directive
To control su, through sshed teminal, tweak PAM settings.
To limit only one session / Server use IPtables and use "HITCOUNT" option.

Passwod for Root login in Terminal:

It seems I had set up the login password for the Administrator that shows when you start/restart the system different from the root login of the terminal. Is that possible?
I lost my root password, and clueless. My login to the computer using Administrator' name is working fine. But when I enter su at terminal, it asks for the password, and the password seems different from the login password of the administrator. How to reset the root login password?
Please help.

By default, root login is disabled, so no password you enter is going to work.
You can use /Applications/Utilities/NetInfo Manager to enable or disable the root account.
Alternatively, if you really need a root shell, use sudo -s (assuming your account is in the admin group and can use sudo). This is actually the preferred method of obtaining a root shell.

Solaris 11 AutoInstaller service profile for ssh to enable root logins?

Hi Guys,
I have got a basic system configuration profile that sets various things for my newly installed solaris 11 client.
I was curious if anyone has a xml service configuration declaration I could use that configures the ssh service to allow remote root logins.
I'd appreciate it.

SSH configuration is not held in SMF but in /etc/ssh/sshd_config so it is not currently possible to use just an AI/SC manifest & profile to do what you ask.
You need do deliver an updated /etc/ssh/sshd_config file with "PermitRootLogin yes", you will also need to have your SC profile setup so that the root account is not configured as a role. Y
ou can deliver the /etc/ssh/sshd_config file either in an IPS package or you could do it with a custom [first boot script|http://docs.oracle.com/cd/E26502_01/html/E28980/firstboot-1.html#scrolltoc] or use a software_type of archive in your AI manifest to deliver it via cpio/tar.

How to prevent BIP login screen pop-up when opening BIP report from Dashbo

Hi
My customer linked BI Publisher report on the Dashboard page by setting
"Embedded Content" as "http://172.18.1.91:7001/xmlpserver/servlet/report".
Customer could open Dashboard directly(just login Dashboard. no need to login BIP) until applied patch 13399232.
After applied this patch,BIP login scrren pop-up everytime when opening dashboard.
Customer's BIP is 10.1.3.4.
Is there any way to prevent BIP login pop-up?
I tested in my BIP 10.1.3.4 enviroment which patch 13399232 doesn't be applied in.
I got the different behaviour with customer's.
I have to login BIP everytime when I openning dashboard.
The only difference between my setting with Customer's is that I added
"Embedded Content" as http://jpdel1203.jp.oracle.com:7777/xmlpserver/~administrator/Test/Test.xdo (It's hostname not IP address)
Is there sth i should set between BIP and dashboard ?
Does anyone kindly advise it?
Thank you in advance.
Best Regards
Liying

Check your BIP integration with Analytics: BIP Admin integration with SAW. Ensure the user and password to proxy into BIP from BIEE is correct.
regards
Jorge

Enable ftp root login on S11

Hi ,
I am testing ftp on a quite recent version of S11: S11u11 update1
#Last login: Thu Mar 1 15:22:29 2012 from qlogic-47fezfvt
Oracle Corporation SunOS 5.11 11.1 January 2012
I am wondering why the ftp root login remains disabled, even after I removed "root" from /etc/ftpd/ftpusers and reboot?
Mar 1 15:48:43 galilei proftpd[2294]: galilei (::ffff:172.27.1.112[::ffff:172.27.1.112]) - SECURITY VIOLATION: root login attempted.
Any idea how to allow ftp root login?
Tom

Hi Tom,
I haven't checked the docs for all the steps to enable ftp,
but I see this output on my s11 system:
# svcs -a | grep ftp
disabled Feb_17 svc:/network/ftp:default
disabled Feb_17 svc:/network/tftp/udp6:default
Have you enabled the service?
Thanks,
Cindy

How can I prevent iCloud login requests?

On OS X 10.10.1, on every login I get two requests to login to iCloud. See the screen cap (email address obscured):
How can I prevent iCloud login requests appearing?
Is it a bug? I'm not an iCloud user. It's annoying and slows down the boot process.

It's a really bad idea to post your email address, even in an image - it's an invitation to spam - and I've asked the Hosts to remove it.

Group Policy to clear down MRU lists and to clear or to prevent user login details for programs such as Remote Desktop from being recorded

Hi there,
Please can anyone instruct me on how to set up Group Policy to clear down MRU lists and to clear or to prevent user login details for programs such as Remote Desktop from being recorded. Your help would be much appreciated.
Kind regards,
RocknRollTim
P.S. I was redirected by a forum user off the Microsoft Community forum.

Hi RocknRollTim,
Agree with Jason. Using a script will be a better option.
Just addition, for history of RDP Connections, please open Registry Editor and follow the path:
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default. Please check if find MRU registry items where the name (or the IP address) of the terminal server is kept in.
Please also follow the path: HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers. It contains
the list of all RDC (remote desktop client) connections that have ever been established from this computer.
When expand Server folder and select a node, you will see the UsernameHint key that show the name of the user connected by rdp.
Please back up registry items to avoid unexpected issues before any operation.
If any update, please feel free to let us know.
Hope this helps.
Best regards,
Justin Gu
Thank you for responding back Justin Gu and I agree with both you and Jason Miller that a script can easily achieve this task. Thank you all for your help.
Many thanks,
RocknRollTim

Prevent duplicate login

Hi there,
I wonder if there is any approach to prevent duplicate login to Weblogic
server using the same userID and password.(weblogic provided or programmatic
is OK). I tried to use a table to maintain the current active user
information, but when the user just quits the browser or the weblogic server
is shut down, this will not work because the flag still remain in the table.
Does anyone have try it before or know how to do it?
Thanks in advanced.
Ken

Thanks for your reply.
Actually, I am now using the similar solution except that I place a static
field(a hashtable) in the class that implements the
HttpSessionBindingListener to record the current users rather than store the
information in database table. Thus when the application server shuts down,
I don't need to clear the dirty data in the table.
Ken
Andy <[email protected]> wrote in message
news:[email protected]...
>
i'm doing the same thing with an application. i've extended theAuthFilter class
and whenever a user logs into the application i insert a row into a"current users"
table. i also set an object into the user's session that implements theHttpSessionBindingListener.
when the session expires (either by the user by logging out or times outwithin
weblogic) the server calls my class that was inserted into the user'ssession
at which time i remove the row from the "current users" table.
hope this helps -
"Neil Smithline" <[email protected]> wrote:
I believe that due to the loose coupling of a web browser and the server
as
defined in the HTTP spec, there is no way to ensure that both sides have
an
identical concept of "logged in". Any solution you propose will have
errors
as you described below. The server just plain can't tell the difference
between a slow-to-respond user, a user who's browser has crashed, a user
who
is having network problems, etc... This is not a WLS specific problem,
it
is HTTP.
Neil Smithline
WLS Security Architect
BEA Systems
"Ken Hu" <[email protected]> wrote in message
news:[email protected]...
Hi there,
I wonder if there is any approach to prevent duplicate login to
Weblogic
server using the same userID and password.(weblogic provided orprogrammatic
is OK). I tried to use a table to maintain the current active user
information, but when the user just quits the browser or the weblogicserver
is shut down, this will not work because the flag still remain in thetable.
Does anyone have try it before or know how to do it?
Thanks in advanced.
Ken

Preventing Multiple Logins

Is there a fairly simple way to prevent a user from having more than one concurrent login? I want to prevent the same user from logging in more than once by starting multiple telnet sessions or using multiple terminals.
Thanks!

Number 2 should happen naturally, AFAIK. As long as the session key is stored in a browser cookie (not given an expiration date in the future), closing the browser (that is, closing all open browser windows) should end the session. Of course, it will take a while to time out on the server. Also, if you've got three IE windows open and you close one of them, the cookie (and session) will remain.
As far as the simultaneous multiple logins goes... You could just store a Set of "logged in users" in the servlet context, and then make sure that a user trying to log in is not a part of that set. I guess you'd have to use an HttpSessionBindingListener to remove them from the Set when their session times out or is forcefully invalidated.
Of course, if you do that, you would run into problems when the following happened:
(1) Logged-in user closes browser, losing temporary session key cookie.
(2) User realizes they forgot something, opens a new browser window, and tries to log in.
(3) Session still hasn't timed out on the server, so the user is denied login.
My guess is that people would complain. I think the requirements are nearly impossible to do right. There's just no way to know for sure (on the server) whether a user still has their browser open at the other end, and so that leaves you open to the aformentioned problem if you try to prevent simultaneous logins of a single user.
I could be wrong, though.

Root login is blocked from telnet ssh pam_unix_session: Can't write lastlog: uid 0: I/O error

Root login is blocked from telnet ,ssh error : pam_unix_session: Can't write lastlog: uid 0: I/O error
sshd[1969]: pam_unix_session: Can't write lastlog: uid 0: I/O error
sshd[1970]: pam_unix_session: Can't write lastlog: uid 0: I/O error
sshd[1983]: pam_unix_session: Can't write lastlog: uid 0: I/O error
sshd[1984]: pam_unix_session: Can't write lastlog: uid 0: I/O error
sshd[2023]: pam_unix_session: Can't write lastlog: uid 0: I/O error
sshd[2021]: pam_unix_session: Can't write lastlog: uid 0: I/O error
genunix: vn_rdwr failed with error 0x6
genunix: kobj_load_module: smp read header failed
genunix: vn_rdwr failed with error 0x6
genunix: kobj_load_module: ses read header failed
sshd[2037]: pam_unix_session: Can't write lastlog: uid 0: I/O error
sshd[2035]: pam_unix_session: Can't write lastlog: uid 0: I/O error
please suggest for the issue , occurs frequently in solaris 10

please verify your underlying hardware

Kde root login no longer present(Solved with set true kdmrc)

How to enable root log-in in Kde log-in window.
Window shows Root
Password......
Upon entry of password, error message says :
!root logins not allowed.
What change is necessary to allow root log-in?

Hi lilsirecho.
I hope these comments will be helpful. I'm not quite certain what you're problem is with your root account.
1. Give your root account a root password. Log in as root, and run:
passwd root
You can get to this console by pressing the tri-chord:
Alt-Ctrl-Fn
where Fn is F1 ... F7 (or whatever consoles you've set up in '/etc/inittab') and then logging in.
2. You should be able to run KDE as root or as a regular user if you log into root or your regular user account. If you're starting from a console, you'll need to run 'startx', of course. You may need to stop the already running X instance: run 'init 3' as root. To restart X, run 'init 5' as root. This should take you to the KDE login.
3. Once you have KDE up and running, go to the KDE Control Center->System Administrator->Login Manager. To change the login you'll need to have administrative ('root') privileges (that's why you'll need a root password). You'll see a button in the lower left corner of the Login Manager screen to give you 'Administrator Mode'. You should see in the 'Users' tab a list of login users with options to hide and set icons in login screen. Make certain that 'root' is marked appropriately here.
4. After you've done your KDE Control Center configuration for the KDE login, you should be able to log out and restart KDE with a root user as an option.
Regards,
Win

Prevent root login LXDM

Similar Messages

Maybe you are looking for