Hi, Friends

Using GUI of BaaN on Unix environment, whenever users
logged-in into the system its Unix A/c never activated, the draw back is, if we set the passwd expiration time for 45 days on Unix level , the users A/c will be deactivated after 45 days even users is logging every day, resulted in system does not allow users to login after mentioned days, there are lot of things related to system security after installing the Enhance C-2 level security, which we can not controll for those users logging thru GUI.


Can any one tell me how they are controlling users account on Unix level for users logging thru GUI for BaaN.


Rgds
Alam Badre

If you are on Unix and to check then a user has last logged into the system, you can use the command -

last -R| grep bsp <username>

Hi,

only after testing thru unix "last"/"finger" commnad I came to know users login thru GUI, its unix A/c never activated, only then I logged a case with BGS as well but still waiting for reply.

what happend with unix "last" / "finger" command is it will list only those users who either used "ftp" or telnet for some reason, hundreds of users login daily thru BaaN GUI and if I try to findout login status of the users, then system shows those users on unix level never logged-in.

We are having Tru64 Unix ver 4.0 E.

Rgds

Alam Badre

Hi Alam,

We use Solaris so had the same problem, what I did was write a script that runs all day and checks who logs in via GUI. This script then checks the user against their Unix login account (passwd & shadow files), to 'see' how long they have left before the password time period runs out. It then informs them via bdbcmd6.1 to their GUI when this only has 2 weeks left.

Hope all that make sense & helps you.


Steve.

It's normal that the 'last' and 'finger' command do not report any user activity. Logging into Baan with the BW GUI uses rexec as transport mechanism which is not captured by above commands. You should do as Steve advised in the previous post or read on some of the older threads dealing with this problem.

You can do this by changing the bshell line in ipc_info6.1 to point to a custom script that starts Baan.

In this custom script you can log to a file the UNIX user, and the Baan user is trying to start Baan, after which you start the bshell proper by running bshell6.1 $@

Remind me to post our script when I'm back at work. Thank you again to the legendary Kevin Brock for the know-how back on Baanfans.

Phil

Looking at the $man login I found that -

/var/adm/wtmp History of logins, logouts, and date changes.

Also refer to -

utmp(4) utmp(4)

NAME
utmp, wtmp, btmp - utmp, wtmp, btmp entry format

SYNOPSIS
#include <sys/types.h>
#include <utmp.h>

DESCRIPTION
These files, which hold user and accounting information for such commands as last, who, write, and login (see last(1), who(1), write(1), and login(1)), have the following structure as defined by
<utmp.h>:
...

Here's our code, see two posts above