Hi, we have a similar setup on solaris SPARC with several accounts we don't allow users to directly log into:
In /etc/profile:
############### Su only test section #############
## Note: if nfs is not available, this test fails and allows logon
if [[ `tty|grep "not a tty"` = "" ]]
then
ORIGNSSHLOGIN=`who am i | awk '{print $1":"$6}' | awk -F. '{print $1}' | sed 's/(//g'`
if ! `echo ${ORIGNSSHLOGIN} | egrep "zone:global" > /dev/null`
then
if ! `egrep ^${ORIGNSSHLOGIN} /nfs/unix/scripts/server.su.only.exception.list > /dev/null`
then
WHONAME=`/usr/bin/whoami | awk '{ print $1 }'`
if [[ "`grep $WHONAME /nfs/unix/scripts/server.su.only.list | grep -v "#"`" == "$WHONAME" && `tty| grep console` = "" ]]
then
WHOORIG=`/usr/bin/who am i | awk '{ print $1 }'`
if [[ $WHONAME == $WHOORIG ]]
then
echo "You cannot log in directly from $LOGNAME ";
echo "Please logon with your personal ID and use su - $LOGNAME ";
exit ;
else
:
fi
fi
else
:
fi
fi
fi
############### End of su only account text ######
This selection works fine with the autosys accout as any jobs normally run by autosys from AE are run non-interactively.