RBAC Role allows direct login. Will Summarize

From: WRIGGLESWORTH, Christopher (chris.wrigglesworth@atosorigin.com)
Date: Fri Apr 08 2005 - 05:05:19 EDT


Hi Managers
 
    I have a Solaris 8 server that is behaving quite oddly. I have set up an
RBAC role to allow an operator to perform some admin tasks. As I understand
it, an RBAC role should only allow a user to su to it, it should not allow
anyone to log in to the server directly as the RBAC role. However, in testing
I can always log in to the server directly as the role. I have tried stopping
and starting nscd but this has no effect. I have also searched SunSolve for
any patches but I've found nothing (that doesn't mean there are no patches,
just that I haven't found them :). Does anyone have any suggestions?
 
Below are a few details with the usual security adjustments; if anyone would
like more info, let me know.
 
System details:
SunOS HOSTNAME 5.8 Generic_117350-02 sun4u sparc SUNW,Sun-Fire-280R
 
/etc/user_attr
username::::type=normal;roles=rolename
rolename::::type=role;profiles=profile name
 
 
Thanks for your help.
Chris Wrigglesworth
Unix Technical Specialist, Unix Technical Support (UK),
Network Infrastructure Solutions, Atos Origin
* Chris.Wrigglesworth@atosorigin.com
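
An added example, not part of the original post: a check that lists the type=role accounts in user_attr and reports whether the PAM account stack a service actually uses includes pam_roles.so.1. It assumes that module is what rejects direct logins to a role on this system; the file contents are constructed samples reusing the sanitized names above.

```python
# Added example: audit user_attr role entries against the PAM account stack.
# Assumption: pam_roles.so.1 in a service's account stack is what rejects
# direct logins to role accounts. Both samples below are constructed.
USER_ATTR = """\
# user:qualifier:res1:res2:attr
username::::type=normal;roles=rolename
rolename::::type=role;profiles=profile name
"""
PAM_CONF = """\
login   auth     required   /usr/lib/security/$ISA/pam_unix.so.1
login   account  required   /usr/lib/security/$ISA/pam_unix.so.1
other   account  requisite  /usr/lib/security/$ISA/pam_roles.so.1
other   account  required   /usr/lib/security/$ISA/pam_unix.so.1
"""

def parse_user_attr(text):
    """Return {name: {key: value}} from user_attr lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed entry, skip it
        pairs = (kv.split("=", 1) for kv in fields[4].split(";") if "=" in kv)
        entries[fields[0]] = dict(pairs)
    return entries

def role_accounts(entries):
    return sorted(n for n, a in entries.items() if a.get("type") == "role")

def account_stack(pam_text, service):
    """Account modules PAM uses for a service; 'other' applies only when
    the service has no account entries of its own."""
    stacks = {}
    for line in pam_text.splitlines():
        p = line.split()
        if len(p) >= 4 and not p[0].startswith("#") and p[1] == "account":
            stacks.setdefault(p[0], []).append(p[3].rsplit("/", 1)[-1])
    return stacks.get(service, stacks.get("other", []))

def enforces_roles(pam_text, service):
    return any(m.startswith("pam_roles.so") for m in account_stack(pam_text, service))

if __name__ == "__main__":
    roles = role_accounts(parse_user_attr(USER_ATTR))
    for svc in ("login", "telnet"):
        state = "blocks" if enforces_roles(PAM_CONF, svc) else "does NOT block"
        print(f"{svc}: account stack {state} direct login to roles {roles}")
```

In the constructed pam.conf, login has its own account entry without pam_roles.so.1, so the "other" fallback that carries the role check never applies to it.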
 




This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:31 EDT