SEO

Please see the system administrator."

I've posted a related topic recently, and learned some things, but I
still haven't solved my problem. The problem is that when you enter
the wrong password from the login screen that takes you to CDE, you get
the message "Login incorrect; please try again." And after 3
failed logins, you're locked out but you get the same message. If,
however, on the 10th try, you enter the correct password, then you get
a different message, "There have been too many unsuccessful..."
which reveals that you have finally entered the correct password. I
need to make it not do that. It can do anything else, but just not
reveal that you hit the right password after being locked out.

This is AIX 4.3.3. I have found the message "Login incorrect..."
in dtlogin, but I have yet to find where the other message is stored,
or how it's generated. I know that the exact message, "There have
been too many...." exists in PAM/LDAP, however, I also know that
4.3.3 did not use PAM/LDAP. It's possible PAM/LDAP was installed on
this system, but I see no indication that it was, although I'm not
sure offhand how to tell if it was or wasn't.

Any help would be appreciated.
TIA
almoTAKETHISOUT6914@yahoo.com

"almo" <almo6914@yahoo.com> writes:
> Please see the system administrator."
>
> I've posted a related topic recently, and learned some things, but I
> still haven't solved my problem. The problem is that when you enter
> the wrong password from the login screen that takes you to CDE, you get
> the message "Login incorrect; please try again." And after 3
> failed logins, you're locked out but you get the same message. If,
> however, on the 10th try, you enter the correct password, then you get
> a different message, "There have been too many unsuccessful..."
> which reveals that you have finally entered the correct password. I
> need to make it not do that. It can do anything else, but just not
> reveal that you hit the right password after being locked out.
>
> This is AIX 4.3.3.

Dunno how to help ya, but I do have a question.

If you're being tasked to slaving adherence to a lockout policy (the
issue you're dealing with is pretty darned ticky tack), why in the
hell are they having you use an OS that's no longer supported by its
vendor?


--
Todd H.
http://www.toddh.net/

I no longer have an AIX 4.3.3 system since I migrated to 5.1 and now
5.3. But you might be able to find your answer in /etc/security/user

> "Dunno how to help ya, but I do have a question.
> If you're being tasked to slaving adherence to a lockout policy (the
> issue you're dealing with is pretty darned ticky tack), why in the
> hell are they having you use an OS that's no longer supported by its
> vendor? "

It's called "government work." Some reallly big aerospace company with
lots of ex-military brass on their staff pitches an idea to to
government, which is also military brass, and big money changes hands,
then a handful of average people have to build it. After about 2
years, the system gets delivered. And then another company, a
contractor, has to operate it. And they have their computer security
people who flag these kind of things. But that company can't fix
anything or change anything because that's not their job, and it's not
in their charter, and then there's another contractor, the one I work
for at the moment, who has the contract for support, maintenance, and
depot operations. And, God forbid, the other contractor puts something
in writing, like a defiency report or vulnerability, because then it
takes on a life of it's own, and it can only be put to rest by fixing
it, or hiding it and reporting that you fixed it (if you're me,) or
saying it can't be done, which requires even more paperwork, and other
people, like bosses, frown on you, or me, because they just like do
that to me. So, when I looked at this problem, I thought, this can't
be very hard to change, I'll just go fix the damn thing right now.
And, in 1 minute, I found where that frst message was, so I looked for
the second message, and it's been 5 days now. It's coming from
somewhere. Next thing I'm going to do is write a script, since 4.3.3
doesn't have -r for grep, and I can't add a new grep because there's no
compiler on the the system, or even man pages, but I'll just sift
through every last file on that system starting from "/" and use the
strings(1) command into grep and find this sneaky little bastard. And,
I'll collect my paycheck. BTW, when I work for myself on my own
projects, I don't operate like the government.

Alan

prichard@blm.gov wrote:
> I no longer have an AIX 4.3.3 system since I migrated to 5.1 and now
> 5.3. But you might be able to find your answer in /etc/security/user

almo wrote:
>>"Dunno how to help ya, but I do have a question.
>>If you're being tasked to slaving adherence to a lockout policy (the
>>issue you're dealing with is pretty darned ticky tack), why in the
>>hell are they having you use an OS that's no longer supported by its
>>vendor? "
>
>
> It's called "government work." Some reallly big aerospace company with
> lots of ex-military brass on their staff pitches an idea to to
> government, which is also military brass, and big money changes hands,
> then a handful of average people have to build it. After about 2
> years, the system gets delivered. And then another company, a
> contractor, has to operate it. And they have their computer security
> people who flag these kind of things. But that company can't fix
> anything or change anything because that's not their job, and it's not
> in their charter, and then there's another contractor, the one I work
> for at the moment, who has the contract for support, maintenance, and
> depot operations. And, God forbid, the other contractor puts something
> in writing, like a defiency report or vulnerability, because then it
> takes on a life of it's own, and it can only be put to rest by fixing
> it, or hiding it and reporting that you fixed it (if you're me,) or
> saying it can't be done, which requires even more paperwork, and other
> people, like bosses, frown on you, or me, because they just like do
> that to me. So, when I looked at this problem, I thought, this can't
> be very hard to change, I'll just go fix the damn thing right now.
> And, in 1 minute, I found where that frst message was, so I looked for
> the second message, and it's been 5 days now. It's coming from
> somewhere. Next thing I'm going to do is write a script, since 4.3.3
> doesn't have -r for grep, and I can't add a new grep because there's no
> compiler on the the system, or even man pages, but I'll just sift
> through every last file on that system starting from "/" and use the
> strings(1) command into grep and find this sneaky little bastard. And,
> I'll collect my paycheck. BTW, when I work for myself on my own
> projects, I don't operate like the government.
>
> Alan
>
> prichard@blm.gov wrote:
>
>>I no longer have an AIX 4.3.3 system since I migrated to 5.1 and now
>>5.3. But you might be able to find your answer in /etc/security/user
>
>

Precisely why I got completely out of government work. Good story!

>"Dunno how to help ya, but I do have a question.
>If you're being tasked to slaving adherence to a lockout policy (the
>issue you're dealing with is pretty darned ticky tack), why in the
>hell are they having you use an OS that's no longer supported by its
>vendor?"

If you think that's bad, there's a big flight critical system here
(Kennedy Space Center) with a computer that takes up a whole building,
and it's water cooled!!!! It has about 1.2 million lines of FORTRAN
source code running on it (the binary,) but it's old FORTRAN, I mean
old like before there was ASCII, and even old like before there was
EBCDIC, and so old that 8 bits did not make a byte, and the word "byte"
wasn't even in the dictionary. Of course, who decided a byte had to be
8 bits? And who decided to name it a "byte."

....ya know what, don't get me started. But I have the answers to those
questions, and much more. And there's a good story behind this, and
I'd love to tell it, and I will, but I'll have to remember all the
stuff I know and maybe next week I'll post the story about that
computer, and other things that all tie together, including how I saved
the world, or helped a little bit (by accident + right place + right
time + plus one guy smarter than me that sat next to me.) It's all
pretty cool. A very good history lesson about how we got to where we
are with computers, which I know about because I had to find out about
it to do a project. Interesting story...stay tuned. BTW, the only
mention I will make about Bill Gates is to say...there will be no
mention of Bill Gates.

And a shout out to M.J. who gave me a very good tip regarding the topic
on this thread.

0xDEADABE wrote:
> almo wrote:
> >>"Dunno how to help ya, but I do have a question.
> >>If you're being tasked to slaving adherence to a lockout policy (the
> >>issue you're dealing with is pretty darned ticky tack), why in the
> >>hell are they having you use an OS that's no longer supported by its
> >>vendor? "
> >
> >
> > It's called "government work." Some reallly big aerospace company with
> > lots of ex-military brass on their staff pitches an idea to to
> > government, which is also military brass, and big money changes hands,
> > then a handful of average people have to build it. After about 2
> > years, the system gets delivered. And then another company, a
> > contractor, has to operate it. And they have their computer security
> > people who flag these kind of things. But that company can't fix
> > anything or change anything because that's not their job, and it's not
> > in their charter, and then there's another contractor, the one I work
> > for at the moment, who has the contract for support, maintenance, and
> > depot operations. And, God forbid, the other contractor puts something
> > in writing, like a defiency report or vulnerability, because then it
> > takes on a life of it's own, and it can only be put to rest by fixing
> > it, or hiding it and reporting that you fixed it (if you're me,) or
> > saying it can't be done, which requires even more paperwork, and other
> > people, like bosses, frown on you, or me, because they just like do
> > that to me. So, when I looked at this problem, I thought, this can't
> > be very hard to change, I'll just go fix the damn thing right now.
> > And, in 1 minute, I found where that frst message was, so I looked for
> > the second message, and it's been 5 days now. It's coming from
> > somewhere. Next thing I'm going to do is write a script, since 4.3.3
> > doesn't have -r for grep, and I can't add a new grep because there's no
> > compiler on the the system, or even man pages, but I'll just sift
> > through every last file on that system starting from "/" and use the
> > strings(1) command into grep and find this sneaky little bastard. And,
> > I'll collect my paycheck. BTW, when I work for myself on my own
> > projects, I don't operate like the government.
> >
> > Alan
> >
> > prichard@blm.gov wrote:
> >
> >>I no longer have an AIX 4.3.3 system since I migrated to 5.1 and now
> >>5.3. But you might be able to find your answer in /etc/security/user
> >
> >
>
> Precisely why I got completely out of government work. Good story!

....forgot to mention, when I say "water cooled," it's not the kind
that's recently coming back into vogue for high-end PC's, this water
cooling system has a big refrigeration unit just to chill the water,
cost per year is about the average yearly salary of anyone reading
this. Why is that system still in use? There's a reason. In two
words, Seymour Cray.

BTW, a "word" is 60 bits.

almo wrote:
> >"Dunno how to help ya, but I do have a question.
> >If you're being tasked to slaving adherence to a lockout policy (the
> >issue you're dealing with is pretty darned ticky tack), why in the
> >hell are they having you use an OS that's no longer supported by its
> >vendor?"
>
> If you think that's bad, there's a big flight critical system here
> (Kennedy Space Center) with a computer that takes up a whole building,
> and it's water cooled!!!! It has about 1.2 million lines of FORTRAN
> source code running on it (the binary,) but it's old FORTRAN, I mean
> old like before there was ASCII, and even old like before there was
> EBCDIC, and so old that 8 bits did not make a byte, and the word "byte"
> wasn't even in the dictionary. Of course, who decided a byte had to be
> 8 bits? And who decided to name it a "byte."
>
> ...ya know what, don't get me started. But I have the answers to those
> questions, and much more. And there's a good story behind this, and
> I'd love to tell it, and I will, but I'll have to remember all the
> stuff I know and maybe next week I'll post the story about that
> computer, and other things that all tie together, including how I saved
> the world, or helped a little bit (by accident + right place + right
> time + plus one guy smarter than me that sat next to me.) It's all
> pretty cool. A very good history lesson about how we got to where we
> are with computers, which I know about because I had to find out about
> it to do a project. Interesting story...stay tuned. BTW, the only
> mention I will make about Bill Gates is to say...there will be no
> mention of Bill Gates.
>
> And a shout out to M.J. who gave me a very good tip regarding the topic
> on this thread.
>
> 0xDEADABE wrote:
> > almo wrote:
> > >>"Dunno how to help ya, but I do have a question.
> > >>If you're being tasked to slaving adherence to a lockout policy (the
> > >>issue you're dealing with is pretty darned ticky tack), why in the
> > >>hell are they having you use an OS that's no longer supported by its
> > >>vendor? "
> > >
> > >
> > > It's called "government work." Some reallly big aerospace company with
> > > lots of ex-military brass on their staff pitches an idea to to
> > > government, which is also military brass, and big money changes hands,
> > > then a handful of average people have to build it. After about 2
> > > years, the system gets delivered. And then another company, a
> > > contractor, has to operate it. And they have their computer security
> > > people who flag these kind of things. But that company can't fix
> > > anything or change anything because that's not their job, and it's not
> > > in their charter, and then there's another contractor, the one I work
> > > for at the moment, who has the contract for support, maintenance, and
> > > depot operations. And, God forbid, the other contractor puts something
> > > in writing, like a defiency report or vulnerability, because then it
> > > takes on a life of it's own, and it can only be put to rest by fixing
> > > it, or hiding it and reporting that you fixed it (if you're me,) or
> > > saying it can't be done, which requires even more paperwork, and other
> > > people, like bosses, frown on you, or me, because they just like do
> > > that to me. So, when I looked at this problem, I thought, this can't
> > > be very hard to change, I'll just go fix the damn thing right now.
> > > And, in 1 minute, I found where that frst message was, so I looked for
> > > the second message, and it's been 5 days now. It's coming from
> > > somewhere. Next thing I'm going to do is write a script, since 4.3.3
> > > doesn't have -r for grep, and I can't add a new grep because there's no
> > > compiler on the the system, or even man pages, but I'll just sift
> > > through every last file on that system starting from "/" and use the
> > > strings(1) command into grep and find this sneaky little bastard. And,
> > > I'll collect my paycheck. BTW, when I work for myself on my own
> > > projects, I don't operate like the government.
> > >
> > > Alan
> > >
> > > prichard@blm.gov wrote:
> > >
> > >>I no longer have an AIX 4.3.3 system since I migrated to 5.1 and now
> > >>5.3. But you might be able to find your answer in /etc/security/user
> > >
> > >
> >
> > Precisely why I got completely out of government work. Good story!