[SUMMARY] : Solaris 9 & NIS

From: Luc I. Suryo (luc@suryo.com)
Date: Sat Sep 28 2002 - 14:47:00 EDT


Thanks to Ivan,

This seems to be a known bug with Sun; after modifying /etc/pam.conf as
described below, all works fine.

SOLUTION/FIX:
-------------------------------------------------------------------------

> We have definitely seen this with Solaris 9 clients and NIS running in
> secure mode. Indeed the client never asks for the passwd.adjunct.byname
> map. The bug from Sun says:
> <begin pasted bug>
> 4670947
> logins failing when NIS is backend for authentication
> 18 Sep 2002
>
> Category: pam
> Subcategory: unix_scheme
> State: integrated
> Description: see Comments
> Work Around:
> russell.blaine@sun.com 2002-06-03
>
> Replace these three lines in /etc/pam.conf:
> other auth required pam_authtok_get.so.1
> other auth required pam_dhkeys.so.1
> other auth required pam_unix_auth.so.1
>
> with this line:
> other auth required pam_unix.so.1
>
> russell.blaine@sun.com 2002-07-23
>
> C2 security is preserved with this workaround.
>
> <end pasted bug>
>
> Sun also sent me another copy of passwdutil.so.1 to place in /usr/lib
> (wonder if this is just from the latest release of Solaris 8) which also
> works, and they say the new passwdutil.so.1 also doesn't break C2
> security.
>

PROBLEM:
-------------------------------------------------------------------------
>
> > hello,
> >
> > Has anyone seen this problem, and does anyone know how to fix it?
> >
> > Situation
> > master Solaris 8/Sparc, with shadow/secure support enabled
> > client Solaris 9/Sparc, problem
> > client Solaris 8/Sparc, work OK
> >
> > what does work
> > su - user OK this is a user in NIS
> > ypwhich OK shows the correct server
> > ypcat passwd.byname OK data correct
> > ypcat passwd.adjunct.byname OK data correct
> >
> > what does not work
> > any user cannot log in as the password is not accepted!
> > and a snoop shows that the client asks for passwd.byname
> > but I never see the passwd.adjunct.byname..
> >
> > snoop with the other working client: I do see passwd.byname
> > and then passwd.adjunct.byname
> >
> > note
> > the system was jumpstarted with the latest version of JASS
> > so not sure if that is an issue...
> >

-- 
Kind regards,
Luc Suryo
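
Added example, not part of the original post or of Sun's bug report: a small shell sketch that checks whether a pam.conf copy still carries the three `other auth` lines named in the workaround, and prints a rewritten copy with the single pam_unix.so.1 line. The function names and the sample file are constructed for illustration; it assumes a POSIX awk (nawk on Solaris) and never edits the input file in place.

```shell
#!/bin/sh
# Added example: audit and rewrite a COPY of pam.conf for the bug 4670947
# workaround. Function names are hypothetical; assumes a POSIX awk.

# Exit status 0 if the "other auth" stack still uses any of the three
# modules the bug report says to replace, 1 otherwise.
pam_needs_workaround() {
    awk '
        $1 == "other" && $2 == "auth" && $3 == "required" &&
        ($4 == "pam_authtok_get.so.1" || $4 == "pam_dhkeys.so.1" ||
         $4 == "pam_unix_auth.so.1") { found = 1 }
        END { exit !found }
    ' "$1"
}

# Print the file with those lines collapsed into the single pam_unix.so.1
# entry. Comment lines and all other services pass through untouched.
pam_apply_workaround() {
    awk '
        $1 == "other" && $2 == "auth" && $3 == "required" &&
        ($4 == "pam_authtok_get.so.1" || $4 == "pam_dhkeys.so.1" ||
         $4 == "pam_unix_auth.so.1") {
            # Emit the replacement once, at the position of the first match.
            if (!done) { print "other auth required pam_unix.so.1"; done = 1 }
            next
        }
        { print }
    ' "$1"
}

# Constructed sample input (not taken from a real host).
write_sample_pam_conf() {
    cat > "$1" <<'EOF'
# constructed sample pam.conf fragment
login auth required pam_authtok_get.so.1
#other auth required pam_dhkeys.so.1
other auth required pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1
other account required pam_unix_account.so.1
EOF
}

sample="${TMPDIR:-/tmp}/pam.conf.sample.$$"
write_sample_pam_conf "$sample"
pam_needs_workaround "$sample" && echo "workaround not applied yet"
pam_apply_workaround "$sample"
rm -f "$sample"
```

Review the printed result against the original before installing it, and keep a root shell open while testing logins so a bad edit can be reverted.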