Subject: | |
From: | |
Reply To: | |
Date: | Thu, 5 Jan 1995 16:48:16 EST |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Jeff Kell ([log in to unmask]) wrote:
> I just noticed something... on 5.0 you cannot remove a user's home group!
>
> I've used this traditional "feature" (no home group) to enhance security
> on critical accounts (if you password all groups, then a logon can
> require three passwords). But you can't do this anymore.
>
SR# 5003158394 was submitted for this problem, first identified by our
friends at VESOFT.
Steve Elmer documented a possible workaround of assigning a
non-existent group as the HOME. While this seems to work (the ALTUSER
command does not complain and the homegroup is changed) it does not
seem to work as a workaround. If you try to logon as a user whose
homegroup does not exist you will get the following error:
Account/user exist. Group name doesn't. (CIERR 1436)
This will, however, just like having no homegroup, force the user to
supply a group name. I guess maybe, in retrospect, it does work as a
workaround.
I first tried this from a 9000 workstation to a 5.0 PRE-PUSH
machine and it dropped my connection entirely, which I found rather
unfriendly and so I hesitated in qualifying it as a workaround. When
I tried it via a serial connection and a VT from another 3K, it worked
as above; giving me the error and allowing me to issue another logon
command specifying a groupname.
Hope this helps.
--
--Pete Crosby
************************************************************************
* "Arguing with an Engineer is like mud-wrestling a pig. Pretty soon *
* you realize the pig likes it" -author unknown *
* *
* Note: my comments are my own and do not reflect the views of my *
* employer or necessarily anyone else. [log in to unmask] *
************************************************************************
|
|
|