Summary : Strange su - problem?

From: Colin Haffenden (Chaffend@msxi-euro.com)
Date: Fri Aug 29 2003 - 06:43:41 EDT


Thanks to ....

John Szkudlapski
Tim Villa
Simon Burr
Gavin Harris

Ok I need a slap for this one.... as I said the system was on a remote
site and the local operations staff changed the root password. Little
did I know they changed it on the wrong box!! I now have access now that
the root password has been changed on the right box.

General answer that came in though were to make sure that /bin/su has
r-s--x--x permissions. Also that the wheel group should be setup and
users that need to use su need to be in this group.

We have the right permissions but not the wheel group and it works ok.

Thanks again,
Colin.

Original message below....

Hi,

I have a jumpstarted and hardened (with JASS) machine running Solaris 8
that has a strange "su -" problem. The box locked the root password
after 28 days so I was unable to gain remote access to root su-ing from
my own account. The operations staff connected a hyper-terminal to the
machine and logged on as root and changed the password (this machine is
at a remote site). I am still unable to su to root from my account. I am
getting the following messages in /var/adm/messages.....

Aug 29 09:09:35 hostname su: [ID 427203 auth.debug] pam_authenticate:
error Authentication failed
Aug 29 09:09:35 hostname su: [ID 810491 auth.crit] 'su root' failed
for username on /dev/pts/1
Aug 29 09:09:35 hostname su: [ID 810491 auth.crit] 'su root' failed
for username on /dev/pts/1

We have gone through the procedure of changing the root password more
than once to ensure we were using exactly the same password, this has
had no effect.

Can anyone give me some ideas of what I can check on the machine in
order to find out what is causing this lockout.

Thanks,
Colin.
This Message has been Checked at MSXI for all known Viruses.
You open this at your own risk. Please make sure all replies are
also virus free.
Also we do not accept or send Attachments of the type .exe, .vbs,
scr, or .bat due to the virus risk they can contain. These types of
attachments will be stripped from the message.

MSXI
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:02 EDT