/usr/OV/security/conf/sec.conf
there is a parameter SECURITY_LEVEL_FLAG=
set it to OFF.
Bob Metzger
VF_Services
Leslie Clark <lclark@US.IBM.COM> on 05/13/99 12:18:59 AM
Please respond to Discussion of IBM NetView and POLYCENTER Manager on NetView
<NV-L@UCSBVM.ucsb.edu>
To: NV-L@UCSBVM.ucsb.edu
cc: (bcc: Bob Metzger/VFITS/VF Corporation)
Subject: Re: Already logged in
I don't use security much, but last time I did it seemed that there was a
configuration file that you could just edit to turn security back off again
or put it into test mode. (probably I had to kill nvsecd first). I can't
look at a system to tell you what it was. Look down in the security
directories. And don't tell support I told you to do that. Better yet,
call support, eh?
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Gord - please take care following my suggestion for investigating your
NetView security problem as you may end up in the same mess I am in.
We are running NetView 5.1 on AIX 4.2.1. with security turned on. I have
managed to get into a situation where I cannot log into NetView. This
may have resulted from running nvauth as root while already running
NetView as a different user.
If I try to run NetView or run nvauth directly I cannot log in - "A user
is already logged in from this client id". This occurs both as root and
as other users.
If I log in as root and try to run nvsec_admin to try to sort out the
mess I am unable to - "A TME 10 NetView login is required to permit the
requested operation. authorized=0, status=36."
Catch 22
I have tried nvauth -v and got the following trace:
<-------- _MSG_SEC_ON request sent from process: 0 to host flippy:
-------->_MSG_SEC_ON response 22 from server flippy
retrieve_Cache() cachefilename: /usr/OV/security/cache/U0.flippy
delete_Cache() could not remove Uuid cachefile
/usr/OV/security/cache/U0..
User cachefile discarded, does not match current nvsecd time value.
Security is ON for server: flippy
security mechanism type in hex from gss_indicate_mechs(): [2b] [12] [00]
[00] [b
0] [6c]
Authentication protocol is 2-party
<-------- _MSG_SEC_QUERY_GROUPS req sent from process: 32000
Output of MDprint of passkey... 0a6c02cdbbafd7c6fb8b67178c4ebe17
<-------- _MSG_SEC_ACCEPT_CONTEXT token sent from process: 32000, user
no_user_i
d, host: no_host_name
--------> _MSG_SEC_ACCEPT_CONTEXT token received by 32000 from nvsecd
<-------- _MSG_SEC_ACCEPT_CONTEXT token sent from process: 32000, user
no_user_i
d, host: no_host_name
Security Context established with server: flippy
<-------- Message: <jonn...> was signed and encrypted and sent to nvsecd
<-------- _MSG_SEC_USER_LOGIN req sent to server flippy
-------> Message: <34...> was signed and recvd from nvsecd
-------> _MSG_SEC_USER_LOGIN response: 0 recvd from :flippy
/usr/OV/bin/nvsec_admin
<--------- Local Security Context Deleted and _MSG_SEC_DELETE_CONTEXT
request se
nt to server: flippy
I have tried changing the permissions on the cache file but it has not
helped.
Is there any way of getting out of this short of a re-installation?
Thanks in advance.
Jon Needes
EDS, Hook, UK
|