Thursday, August 4, 2011

/etc/utmp, /var/adm/wtmp, /etc/security/failedlogin : AIX - User administration related files

The utmp file, the wtmp file, and the failedlogin file contain records with user and accounting information. When a user successfully logs in, the login program writes entries in two files.
  • The /etc/utmp file, which contains a record of users logged into the system. The command who -a processes the /etc/utmp file, and if this file is corrupted or missing, no output is generated from the who command.
  • The /var/adm/wtmp file (if it exists), which contains connect-time accounting records.

On an invalid login attempt, due to an incorrect login name or password, the login program makes an entry in the /etc/security/failed login file, which contains a record of unsuccessful login attempts.

No comments:

Post a Comment