Thanks.
I was able to turn security off and then use nvsecd to turn it back on. I did
have to kill nvsecd and restart it to get it to read sec.conf. I can now log
into NetView as normal.
It seems a bit easy to bypass security though, but under the circumstances I am
not complaining.
Jon
Bob Metzger wrote:
> /usr/OV/security/conf/sec.conf
>
> there is a parameter SECURITY_LEVEL_FLAG=
> set it to OFF.
>
> Bob Metzger
> VF_Services
>
> Leslie Clark <lclark@US.IBM.COM> on 05/13/99 12:18:59 AM
>
> Please respond to Discussion of IBM NetView and POLYCENTER Manager on NetView
> <NV-L@UCSBVM.ucsb.edu>
>
> To: NV-L@UCSBVM.ucsb.edu
> cc: (bcc: Bob Metzger/VFITS/VF Corporation)
> Subject: Re: Already logged in
>
> I don't use security much, but last time I did it seemed that there was a
> configuration file that you could just edit to turn security back off again
> or put it into test mode. (probably I had to kill nvsecd first). I can't
> look at a system to tell you what it was. Look down in the security
> directories. And don't tell support I told you to do that. Better yet,
> call support, eh?
>
> Cordially,
>
> Leslie A. Clark
> IBM Global Services - Systems Mgmt & Networking
>
> Gord - please take care following my suggestion for investigating your
> NetView security problem as you may end up in the same mess I am in.
>
> We are running NetView 5.1 on AIX 4.2.1. with security turned on. I have
> managed to get into a situation where I cannot log into NetView. This
> may have resulted from running nvauth as root while already running
> NetView as a different user.
>
> If I try to run NetView or run nvauth directly I cannot log in - "A user
> is already logged in from this client id". This occurs both as root and
> as other users.
>
> If I log in as root and try to run nvsec_admin to try to sort out the
> mess I am unable to - "A TME 10 NetView login is required to permit the
> requested operation. authorized=0, status=36."
>
> Catch 22
>
> I have tried nvauth -v and got the following trace:
>
> <-------- _MSG_SEC_ON request sent from process: 0 to host flippy:
>
> -------->_MSG_SEC_ON response 22 from server flippy
>
> retrieve_Cache() cachefilename: /usr/OV/security/cache/U0.flippy
>
> delete_Cache() could not remove Uuid cachefile
> /usr/OV/security/cache/U0..
>
> User cachefile discarded, does not match current nvsecd time value.
>
> Security is ON for server: flippy
>
> security mechanism type in hex from gss_indicate_mechs(): [2b] [12] [00]
> [00] [b
> 0] [6c]
> Authentication protocol is 2-party
>
> <-------- _MSG_SEC_QUERY_GROUPS req sent from process: 32000
>
> Output of MDprint of passkey... 0a6c02cdbbafd7c6fb8b67178c4ebe17
> <-------- _MSG_SEC_ACCEPT_CONTEXT token sent from process: 32000, user
> no_user_i
> d, host: no_host_name
>
> --------> _MSG_SEC_ACCEPT_CONTEXT token received by 32000 from nvsecd
>
> <-------- _MSG_SEC_ACCEPT_CONTEXT token sent from process: 32000, user
> no_user_i
> d, host: no_host_name
>
> Security Context established with server: flippy
>
> <-------- Message: <jonn...> was signed and encrypted and sent to nvsecd
>
> <-------- _MSG_SEC_USER_LOGIN req sent to server flippy
>
> -------> Message: <34...> was signed and recvd from nvsecd
>
> -------> _MSG_SEC_USER_LOGIN response: 0 recvd from :flippy
>
> /usr/OV/bin/nvsec_admin
> <--------- Local Security Context Deleted and _MSG_SEC_DELETE_CONTEXT
> request se
> nt to server: flippy
>
> I have tried changing the permissions on the cache file but it has not
> helped.
>
> Is there any way of getting out of this short of a re-installation?
>
> Thanks in advance.
>
> Jon Needes
> EDS, Hook, UK
|