Using SSH login to create Kerberos ticket?

Similar Messages

• Function Module to create TSW-TICKET

  Hi,
  I was using FM 'OIJ_EL_A_TICKETS_MAINTAIN_N' to create a ticket, with the similar data by which I was actually able to create a ticket manually using O4TEN. The ticket is not actually created completely by this FM.
  The FM is creating a record in tables OIJ_EL_TICKET_H and OIJ_EL_TICKET_I but the status and substatus values are "B"(Checked) and "4"(Positive), which is why the ticket is not create completely.
  for the tickets which are created manually using O4TEN the status and substatus values are "C"(Planned) and "6" (Complete).
  I checked the program for O4TEN in debug mode and found that after calling FM   'OIJ_EL_A_TICKETS_MAINTAIN_N'  the program is calling other subroutines like "PERFORM generate_documents_for_ticket" "PERFORM ticket_enqueue"   in the inclulde "MOIJTNF38" for document generation and others.
  The program is using some additional methods in addition to 'OIJ_EL_A_TICKETS_MAINTAIN_N'.
  If you have ever used a FM or a BAPI to create ticket which takes care of all these and creates a ticket completly, kindly let me know.
  If you have any procedures(like the combination of a FM-'OIJ_EL_A_TICKETS_MAINTAIN_N'   or BAPI with a BADI) Let me know.

  Try enquing the ticket using FM "ENQUEUE_E_OIJTKT" after the ticket is created by the FM OIJ_EL_A_TICKETS_MAINTAIN_N,
  Call the FM OIJB_GENERATE_DOCUMENTS_N for the above created ticket with proper parameters and then DEQUEUE the ticket using FM DEQUEUE_E_OIJTKT.
  This should generate the documents for the ticket.
  Do let me know if it still doesnt work..
  Best Regards
  Vishnu

• Cannot log back into ePrintCenter using Google login after changing email address

  I used Google login to create the account. Afterwards, I changed my email address from gmail.com to my other personal email address without thinking about the consequence. Now I can't login using my gmail.com address nor my other personal email address. What can I do?

  Hello,
  Thanks for writing!
  I should be able to help!  What was the email address you used to sign up originally?  What was the second email address?  Which is the address you want to use for the ePrintCenter?
  Once I have all of the information I can remove the WRONG accounts so the RIGHT one will be usable.
  Sincerely,
  Eric Foster
  Community Manager
  ePrintCenter
  Although I am an HP employee, I am speaking for myself and not for HP

• Passwordless ssh login using kerberos in Directory Server 5.2

  Hello all,
  I am trying to do passwordless ssh login in directory server 5.2 . I have done everything on directory server and client such as enabling sasl/gssapi, configuring kdc, creating gssapi profile, identity mapping, configured client with that profile. ldapsearch with -o mech=gssapi works fine.
  But still i can't do password less ssh login. However, i can do passwordless login with the kerberos principal for local user but not for user which is in directory server.
  Any help will be greatly appreciated.

  Hello all,
  I am trying to do passwordless ssh login in directory server 5.2 . I have done everything on directory server and client such as enabling sasl/gssapi, configuring kdc, creating gssapi profile, identity mapping, configured client with that profile. ldapsearch with -o mech=gssapi works fine.
  But still i can't do password less ssh login. However, i can do passwordless login with the kerberos principal for local user but not for user which is in directory server.
  Any help will be greatly appreciated.

• How do I create a kerberos ticket using coldfusion

  I have 3 apps on our intra net that require authentication and would like to use kerberos to accomplish this. This is my set up.
  users log in to the network and authenticate via active directory (all windows based) , Our web apps are on a box running solaris 10, weblogic app server, cf 9 and oracle 11g.  A group of our web apps on this sever require users to authenticate through oracle (not the web / app server).
  I can authenticate with kerberos via a putty session on the server with no problems.
  USEING COLDFUSION, how do i request a kerberos ticket and pass the necessary credentials to authenticate.?
  can this be done.?
  I am looking for a CODE SAMPLE OF HOW DO THIS IN A UNIX environment  NOT WINDOWS.
  I appologize for the frustrated tone of this post. However, after a week of reading documentation til my eyes bleed, to end up chasing my tail with no truly help info............
  TIA
  JB

  This is something your web server should do, not CF. Configure your web server to participate in the Kerberos realm. If WebLogic is the web server (and not just the application server) configure that:
  http://download.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/sso.html
  If you have WebLogic configured to use Apache as a web server, configure that:
  http://modauthkerb.sourceforge.net/
  http://support.microsoft.com/kb/555092
  Dave Watts, CTO, Fig Leaf Software
  http://www.figleaf.com/
  http://training.figleaf.com/

• Can login, but can't get Kerberos ticket

  Hi,
  This is on OS X Server 10.5.8, all up to date, and an OS X Client 10.6.4, all up to date.
  One user in particular can login, however they can't get a kerberos ticket (iChat and other apps fail to login). They can use the Ticket Viewer app to see that there is no ticket, but then add an identity manually and it all works fine.
  If I change the password via Workgroup Manager they can login with that new password. I also ticked "change password at next login", however the client didn't pick that up (although they logged in with the new password).
  Also, when trying to change the password via System Prefs, it says the old (current) password is incorrect, even though its the same as they logged on with.
  I'm pretty sure the problems are to do with the Kerberos login check failing (as seen in the log below) - but why would the user be able to login, yet fail the kerberos authentication check?
  Output from password server log:
  Nov 2 2010 10:24:52 RSAVALIDATE: success.
  Nov 2 2010 10:24:52 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DHX authentication succeeded.
  Nov 2 2010 10:24:52 KERBEROS-LOGIN-CHECK: user {0x46ac8ee739c0ff000000000e0000000e, nhankey} authentication failed.
  Nov 2 2010 10:24:52 GETPOLICY: user {0x46ac8ee739c0ff000000000e0000000e, nhankey}.
  Nov 2 2010 10:24:52 GETPOLICY: user {0x46ac8ee739c0ff000000000e0000000e, nhankey}.
  Nov 2 2010 10:24:55 RSAVALIDATE: success.
  Nov 2 2010 10:24:55 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DIGEST-MD5 authentication succeeded.
  Nov 2 2010 10:24:56 RSAVALIDATE: success.
  Nov 2 2010 10:24:56 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DHX authentication succeeded.
  Nov 2 2010 10:24:56 KERBEROS-LOGIN-CHECK: user {0x46ac8ee739c0ff000000000e0000000e, nhankey} authentication failed.
  Nov 2 2010 10:24:56 RSAVALIDATE: success.
  Nov 2 2010 10:24:56 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DHX authentication succeeded.
  Nov 2 2010 10:24:56 KERBEROS-LOGIN-CHECK: user {0x46ac8ee739c0ff000000000e0000000e, nhankey} authentication failed.
  Is there a way to see which tickets have been issued on the server?
  Thanks for any help.
  Regards,
  Steve

  ... bump ...

• Kerberos ticket not being created

  I have a user who authenticates to a 10.4.9 OpenDirectory server and is continualy having his account access turned off. He can log in to his computer but cannot mount a volume from a fileserver. If access is renabled in Workgroup Manager for his account he is able to mount a fileserver volume. It also seems that when he logs out and logs back into his computer no Kerberos ticket is created (or at least none shows up in the Kerberos app.
  The following is shows up in the kdc Log for this OD server:
  Nov 12 10:09:00 xserveod.ACMECORP.ca krb5kdc[284](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.10.95: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
  Nov 12 10:09:00 xserveod.ACMECORP.ca krb5kdc[284](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.10.95: PREAUTH_FAILED: [email protected] for krbtgt/[email protected], Decrypt integrity check failed
  I've checked the time on his workstation and on the OD server and they are consistent, or at least within half a second of each other, so I'm not sure what the problem might be.
  Any ideas?

  Hi
  Presumably you enable the account, the user attempts to log in and when you go back to WGM the account is disabled again. Is that what happens. Does it also disable itself if you click Refresh after enabling the account? Does this happen even if you delete the user and recreate it again? Does it also happen if you change the User ID number to something else? For example change it from 1025 or whatever to 1125. Try forcing the user to change his/her password at next logon (Advanced > Options). Make sure the user uses a completely new one and does not use a password that they have used in the past.
  I would also make preparations to demote to Standalone just in case. Make sure you also have an effective and up-to-date backup. If you do have to demote I would hesitate in archiving the LDAP database as you may restore a corruption or deep-seated problem that has caused the issue in the first place. In which case you will soon be back to where you were. Export Users and Groups, prepare for the non transfer of passwords hit and unshare the folder being used for automounting Home Directories. Restart the server, repairs privs/perms. Create a new folder to be used for automounting Home Directories, check that DNS is configured correctly and repromote. Re-import Users and Groups. Re-share the folder to be used for automounting Home Directories, create new Home Folders for each User and copy over from previous home folders relevant files and data. Make sure you propagate permissions for each user in turn. Yes I know its a 'lowerbodypartsache' especially if you have lots of users, but if you do this now you should save yourself a lot of heartache later on.
  I’ve had to do this at several sites lately that had exactly the same problem you’ve described. At two of the sites it all started from the Self Signed Certificate expiring. This might be something you should look at also.
  Tony

• Not able to login to router using ssh when TACACS server is down

  When TACACS server is not reachable router is not allowing the local password to login using ssh. Router's SSH debug says authentication is successful but ssh client gets % Authorization failed meassage and disconnects.
  kindly see below debug output and config
  SSH server end:
  Sep 1 13:25:10.161: SSH1: starting SSH control process
  Sep 1 13:25:10.165: SSH1: sent protocol version id SSH-1.5-Cisco-1.25
  Sep 1 13:25:10.241: SSH1: protocol version id is - SSH-1.5-Cisco-1.25
  Sep 1 13:25:10.241: SSH1: SSH_SMSG_PUBLIC_KEY msg
  Sep 1 13:25:10.397: SSH1: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
  Sep 1 13:25:10.397: SSH: RSA decrypt started
  Sep 1 13:25:10.925: SSH: RSA decrypt finished
  Sep 1 13:25:10.925: SSH: RSA decrypt started
  Sep 1 13:25:11.165: SSH: RSA decrypt finished
  Sep 1 13:25:11.197: SSH1: sending encryption confirmation
  Sep 1 13:25:11.197: SSH1: keys exchanged and encryption on
  Sep 1 13:25:11.269: SSH1: SSH_CMSG_USER message received
  Sep 1 13:25:11.269: SSH1: authentication request for userid rao
  Sep 1 13:25:16.297: SSH1: SSH_SMSG_FAILURE message sent
  Sep 1 13:25:17.313: SSH1: SSH_CMSG_AUTH_PASSWORD message received
  Sep 1 13:25:17.317: SSH1: authentication successful for rao
  Sep 1 13:25:17.413: SSH1: requesting TTY
  Sep 1 13:25:17.413: SSH1: setting TTY - requested: length 25, width 80; set: le
  ngth 25, width 80
  Sep 1 13:25:17.525: SSH1: SSH_CMSG_EXEC_SHELL message received
  Sep 1 13:25:17.525: SSH1: starting shell for vty
  Sep 1 13:25:25.033: SSH1: Session terminated normally
  SSH Client end Log:
  % Authorization failed.
  [Connection to 10.255.15.2 closed by foreign host]
  COnfig:
  aaa authentication login default group tacacs+ line local
  aaa authentication login NO_AUTH line
  aaa authorization config-commands
  aaa authorization exec default group tacacs+ if-authenticated
  aaa authorization commands 15 default group tacacs+ if-authenticated
  aaa authorization configuration default group tacacs+
  aaa accounting exec default start-stop group tacacs+
  aaa accounting connection default start-stop group tacacs+
  ip domain-name cbi.co.in
  crypto key generate rsa
  ip ssh time-out 60
  ip ssh authentication-retries 3
  line vty 0 4
  password xxxx
  transport input telnet ssh
  Kindly reply your views

  I believe that the key to understanding your problem is to recognize the subtle difference between authentication and authorization. The authentication process appears that it does succeed but the authorization process has failed according to your error message:
  % Authorization failed.
  I see that most of your authorization commands include the parameter if-authenticated. But this command does not:
  aaa authorization config-commands
  I would suggest that you add the if-authenticated parameter to this command and see if it does not fix your problem.
  HTH
  Rick

• I can't login to solaris server using ssh(putty).

  Hi,
  I can't login to solaris server using ssh(putty).
  However I am able to login to that server using telnet.
  # pkginfo | grep -i ssh
  system SUNWsshcu SSH Common, (Usr)
  system SUNWsshdr SSH Server, (Root)
  system SUNWsshdu SSH Server, (Usr)
  system SUNWsshr SSH Client and utilities, (Root)
  system SUNWsshu SSH Client and utilities, (Usr)
  I see that ssh is running. Please suggest.
  # ps -ef | grep ssh
  root 392 1 0 Feb 27 ? 0:00 /usr/lib/ssh/sshd
  root 12523 392 0 Mar 03 ? 0:00 /usr/lib/ssh/sshd
  sbasha 12526 12523 0 Mar 03 ? 0:07 /usr/lib/ssh/sshd
  sbasha 10957 10954 0 Mar 03 ? 0:05 /usr/lib/ssh/sshd
  root 16495 16491 0 10:46:54 pts/2 0:00 grep ssh
  root 10954 392 0 Mar 03 ? 0:00 /usr/lib/ssh/sshd
  Thanks & Regards,
  -Gnanashekar-

  Hi,
  I found solution to the problem. By default sshd in solars 10 does not permit root logins.
  We need to edit /etc/ssh/sshd_config file as follows:
  PermitRootLogin yes
  and restart the sshd.
  #svcadm restart ssh
  Thanks & Regards,
  -GnanaShekar-

• How to login to remote machine using SSH?

  Hi,
  I have a requirement where in I am required to connect to a remote machine using SSH and execute some commands, say a tail -100 on some file over there and pull back output data from the remote machine.
  I know we can use sockets to connect to remote machines and Runtime.exec to execute external commands. But I am unable to tie together the two of these to achieve whatever I want to do.
  Is it possible to somehow connect w/o using a custom server socket? The problem is that there is no concrete list of servers to connect to. It will be decided by the user. So I will not be able to install a server socket on each and every machine.
  Any help would be most appreciated. Thanks a lot.
  With regards,
  Ganesh

  Hi,
  I am writing a java program that will try to use a SSH client to connect to a remote machine. I do not want to log into every single remote machine to moitor stuff over there.
  My plan goes like this:
  Have a web application that can connect to a DB for all information regarding remote servers to be monitored.
  Based on user selection of a particular server, use data from the DB to connect to the particular remote server and pull in some data.
  Hope I am clear enough now. Thanks a lot.
  Ganesh

• Shouldn't I be getting a Kerberos ticket when logging in to my Lion Server?

  I have a very small OS X network setup: one server, one client.  OD, DNS, etc. all working well.  One thing I noticed though is when I log into the server directly, I never have a Kerberos ticket and have to use kinit; when I log into the client, I always get a ticket automatically. 
  After logging in to the server (directly via console, not ssh), I open a terminal and klist shows:
  klist: krb5_cc_get_principal: No credentials cache file found
  I can 'kinit' at this point, provide my password and I will get a working ticket, but isn't this supposed to happen at login time the way it does on my client?
  I've made no modifications to /etc/pam.d/authorization:
  # authorization: auth account
  auth       optional       pam_krb5.so use_first_pass use_kcminit
  auth       optional       pam_ntlm.so use_first_pass
  auth       required       pam_opendirectory.so use_first_pass nullok
  account    required       pam_opendirectory.so
  What am I missing here?  Why woudn't I bet getting tickets at login on this system?
  Many thanks,
  -O

  @Strontium, not sure what the basis for your opinion is, the server login processes *is* a client of  OpenDirectory and Kerberos and subject to the same PAM authorization process and thus the creation of a Kerberos ticket.
  After nearly two days of digging, I found the issue was caused by the existance of user records for some of my network users in the /Local/Default directory on the server which had  an AuthenticationAuthority value pointing to an old, no longer used, Kerberos domain.  As these were OpenLDAP users, I hadn't even thought of examing the local directory until I noticed that the expected Kerberos ticket behavior was working properly for one of my accounts which was not a 'mobile' account.  I then realized only my 'mobile' accounts (which were nearly all of them) were the only accounts showing this problem. 
  I believe what happened is when I changed server's kerberos name at some point in the past (by backing up the OpenLDAP records, demoting the master, re-creating the master with the new Kerberos name, importing the records, and resetting passwords); I never thought to clean up any locally cached user records for my 'mobile' users.
  To fix: I used the Directory Utility to delete the users from the local cache.  On next login by a mobile user, a correct local user record was created reflecting the proper Kerberos authority and now I'm getting Kerberos tickets on login again. 

• Mobile accounts are not being issued kerberos tickets

  Hi
  If I set mobile accounts to expire as soon as they log out, as soon as the user logs back into the same mac with the same account, it does not get issued another kerberos ticket at login.
  If I turn mobile accounts off, it works every time.
  running 10.6, 10.6 open directory server and the user accounts are AD accounts server 2003.
  I am pulling my hair our here. Is this something that is intentional?

  Other observations:
  *1. from /Library/Logs/DirectoryService/DirectoryService.error.log*
  2010-06-18 14:04:11 CEST - T[0xB0185000] - Misconfiguration detected in hash 'Global UID':
  2010-06-18 14:04:11 CEST - T[0xB0185000] - User 'user1' (/LDAPv3/macsrv1.disney.ch) - ID 1035 - UUID 80699B6C-A90E-4D2F-9B07-FB78F72E9709 - SID S-1-5-21-4063190502-2217233148-2094676766-3070
  *2. user IS showing up in the login window.*
  If I configure the login window to show all users (including network users), then user1 does indeed show up.
  *3. Logging into user1 via ssh works.*
  *4. dscl on macsrv1*
  dscl /LDAPv3/127.0.0.1 -list /Users
  does indeed show user1 (and any other user I create)
  So why can't I login/create user1 on the client mac without toggling the FULL PATH to /Network/Servers/macsrv1.disney.ch/users/user1 first? arghh!

• Initial Kerberos ticket only 10 minutes- how to fix?

  I have a 10.5.8 server with OD and AFP set up.
  I have an OD user account. I have two client machines, both bound to the OD server with Directory Utility.
  On client A (10.5.8), I have a local user account that is "Managed, Mobile" with the same username/password as my OD account, but I'm using my local home directory as my default and not syncing to my server home directory.
  On client B (also 10.5.8), which is a shared machine, I do not have a local account matching my OD account.
  On every startup of client A, I automatically get a Kerberos ticket for the server, as I'd expect, but it has a life of only 10 minutes and does not auto-renew. As long as the ticket is valid, I can connect to and mount sharepoints on the server (without new authentication). Once the ticket expires, I can't connect to the AFP server without manually renewing the ticket (I use the Kerberos client) or re-booting. (Otherwise, I get a login prompt but credentials are not accepted.) If I renew the ticket, it renews for 10 hours and then I can connect to the AFP server, but I have to do this manually. It doesn't appear to matter whether I've set client A to trusted binding. I've set Kerberos preferences on A to a minimum and maximum ticket life of 10 hours, but this doesn't help.
  On client B (also 10.5.8), with a similar setup in Directory Utility, I get a 10 hour ticket. (If I login at startup with my OD account, I get the Kerberos ticket immediately. If I login in with a local account, I'm prompted to authenticate when I attempt to connect to the AFP server and then can use my OD account to connect.) I've not waited to see if this ticket will auto-renew, but my Kerberos preferences (on both A and B) are set to a renewable life range of 7 days and I'm guessing that it will auto-renew on B.
  Client B behavior is what I expect. Client A behavior I don't understand. Can anyone help me figure out what's happening (keeping in mind that I'm an OD novice!), so that I can stop client A from creating a ticket with such a short life?
  Thanks in advance for any help.

  I am not really following what you have and what you want here.
  Each Sequence is unique, and has a Duration that is equal (or should be) to the total Duration of the Assets on that Sequence.
  It is not until one defines the output and delivery of those Sequences, that any concern needs to be made for the Duration, and then the TimeCode for that delivery will incorporate the Durations from all Sequences used.
  Let's take a DVD as an example. One edits in Sequences. Their Durations will be determined by Clips on each Sequence. While there are different workflows here, I am going to keep it very simple. I am also going to save typing, and just list the minutes of Duration for each Sequence.
  I have 4 Sequences, #1 thru #4. I Export each Sequence as an AV file (DV-AVI on PC, or MOV on a Mac). Sequence #1 is 20 mins. long. Sequence #2 is 10 mins. Sequence #3 is 10 mins. Sequence #4 is 20 mins. This will be a total of 60 mins., when Imported into Encore for authoring the DVD. I assemble my 4 Sequences, in whatever order I wish, or use a Playlist to navigate to each/all in whatever order I wish. The TimeCode in the Sequences (back in PrPro) make no difference. Each starts at 00;00;00;00, and only the total Duration of each really counts for anything in my authoring. I can choose to play any/all, and in any order that I wish.
  Now, if one wishes to Export to some other delivery scheme, say a MOV filed combined into one, you can Nest (in the manual, or Help file) all Sequences into a single additional Sequence, and in any order that you wish, say Sequence 4, Sequence 1, Sequence 3 and Sequence 2. Then, just Export that new, Nested Sequence as a MOV file. That Nested Sequence does not care what the starting TimeCode of each of the contributing Sequences was. Only the total Duration of all Sequences matters.
  Does that make sense? If not, can you articulate exactly what the problem with your Sequences is?
  Good luck,
  Hunt

• [SOLVED] Non-interactive SSH login and shell startup files

  I have a problem getting git-annex connecting to my arch box because of
  PATH not being correctly set. When diagnosing this problem I noticed that
  ~/.bashrc seems to be ignored for non-interactive SSH logins. More specifically,
  ssh myhost env
  Shows that when connecting to my other computer running gentoo, or to a
  separate server (probably running some flavor of Debian, I am not sure),
  environment variables defined in ~/.bashrc are present, but when connecting
  to my arch box, they are not. All three computers have identical ~/.bashrc
  files and ~/.bash_profile is set to read ~/.bashrc, and in all cases the file is
  sourced for an interactive login (i.e., 'ssh myhost' followed by 'env'). I tried to
  search through the various bash files in /etc, but didn't find anything related.
  Is there some bash or SSH setting that controls this behavior?
  Solution:
  I looked into this a bit more and found BASH_ENV which can be used to point to
  a file which is sourced for non-interactive shells. So I set
  BASH_ENV=~/.bashrc
  in /etc/environment, and now ~/.bashrc is sourced even for non-interactive
  shells and thus my PATH is correctly set. What I still don't know is why
  arch behaves differently in this respect, but I guess that will remain a mystery.
  Last edited by Nuteater (2012-07-27 18:59:30)

  try creating a .login file and put exec bash in there.
  Not _super_ familiar with csh, but I *think* csh loads .login only on login shells (as apposed to always loading .cshrc).
  Barring that, the following should work.
  if (! $?prompt) goto cshrc_end
  exec bash
  cshrc_end:

• Restrict maximum number of SSH logins of a user

  Hi all,
  Does anyone know how to restrict the number of SSH logins of a certain user in Solaris 10? It seems that OpenSSH server doesn't allow to do it.
  I know that it's possible in Linux by using PAM.
  Can you help me on that?
  Thanks in advance.
  BR,
  Roberto

  Users have a profile. example :
  CREATE PROFILE DEFAULT LIMIT
            SESSIONS_PER_USER UNLIMITED
            CPU_PER_SESSION UNLIMITED
            CPU_PER_CALL UNLIMITED
            CONNECT_TIME UNLIMITED
            IDLE_TIME UNLIMITED
            LOGICAL_READS_PER_SESSION UNLIMITED
            LOGICAL_READS_PER_CALL UNLIMITED
            COMPOSITE_LIMIT UNLIMITED
            PRIVATE_SGA UNLIMITED
            FAILED_LOGIN_ATTEMPTS UNLIMITED
            PASSWORD_LIFE_TIME UNLIMITED
            PASSWORD_REUSE_TIME UNLIMITED
            PASSWORD_REUSE_MAX UNLIMITED
            PASSWORD_LOCK_TIME UNLIMITED
            PASSWORD_GRACE_TIME UNLIMITED
            PASSWORD_VERIFY_FUNCTION NULL;
  SESSIONS_PER_USER is the one you are looking for. You can find more here:
  Select * FROM SYS.DBA_PROFILES WHERE PROFILE = :Name