ssadm login

ssadm login authenticates a user for administrative access through ssadm to a Screen from a remote Administration Station.

Usage:

ssadm -r remotehost login username password

ssadm login creates a session on the remote Screen and provides a ticket that allows subsequent invocations of the ssadm command to access the remote Screen without using a password.

ssadm login is only available with the -r remotehost option.

The ticket is written to standard output. If a ticketfile is specified using the -F option to ssadm or the SSADM_TICKET_FILE environment variable, then ssadm login automatically stores the ticket in ticketfile in addition to writing it to standard output.

For example:

# SSADM_TICKET_FILE=$HOME/.ssadmticket
# export SSADM_TICKET_FILE
# touch $SSADM_TICKET_FILE
# chmod go= $SSADM_TICKET_FILE
# ssadm -r greatwall login admin password
WRITE access <E23B344150C702EC>
# ssadm -r greatwall activate Initial
Configuration activated successfully on greatwall.
# ssadm -r greatwall active
Active configuration: greatwall default Initial.3
Activated by admin on 03/09/1999 02:58:36 PM PST
# ssadm -r greatwall logout

The above example is for sh or ksh; other shells may require different commands. ssadm login is only available with the -r remotehost option.

When using the ssadm login command on multiuser Administration Stations, any other user can snoop the admin user and password using ps, then (because SKIP or IKE is enabled from that host) access the Screen as that user.

Do not have a general-use Solaris system act as a remote Administration Station. Additionally, never use the ssadm login command on a Solaris system while other users are logged in

Screen administration is discouraged from non-Solaris platforms. Serious security holes with other operating systems can readily be exploited to compromise the network security infrastructure.

See the ssadm-login(1M) man page for more information on the login command.