How to configure eTrust Access Control when using SSH

Document ID : KB000054104
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

  1. Using SSH, log in remotely to a Solaris AutoSys server as a user with no eTrust Access Control granted rights using SSH

  2. The Unix commands 'id' and 'whoami' return the correct logged username

  3. eAC command 'sewhoami' returns 'root' This allows the non-priviledged user to impersonate 'root' and issue any AutoSys commands with full permissions.

Solution:

The issue described in the summary occurs when SSH is not defined as a default login method in eTrust Access Control.

To update this perform the following command:

er loginappl SSHD loginpath(<full path to login binary>) owner(nobody) defacc (x)

Where 'full path to login binary' points to the SSHD daemon (e.g. /usr/lib/ssh/sshd)