Solaris 8 compat mode (FIXED)
Greene Jason-RB512C
RB512C at motorola.com
Tue Aug 26 16:17:09 EDT 2003
Finally got back around to looking at this problem. Thought I would post this response since I have still not see a solution posted.
With help from Darren Dunham who pointed me to the fact that solaris 8 now puts an x in the password field of the /etc/shadow file.
When the system is set up in compat mode (/etc/nsswitch.conf), sudo is still using the shadow file to match the password of the + users (+userid in /etc/passwd) instead of NIS.
The solution for the moment is to take the x out of the shadow file and everything performs as it did in Solaris 2.6. But I it would seem that the sudo gods need to take a look at this and come up with a better solution for dealing with it.
(I did test to make sure that a null password does not work when using sudo or otherwise with a blank password field in /etc/shadow)
Thanks Again Darren!!!!!
EXAMPLE:
Broke:
/etc/passwd
...
+rb512c:x:::::::
/etc/shadow
...
+rb512c:x:::::::
Works:
/etc/passwd
...
+rb512c:x:::::::
/etc/shadow
+rb512c::::::::
> From: Greene Jason-RB512C <RB512C at motorola.com>
> Subject: Solairs 8 compat mode
>
> Hello All,
>
> I am having an issue using sudo in (NIS) compat mode on solaris 8.
>
> I currently have several solaris 2.6 machines in this configuration that work. The passwd file has entries for the users I want to allow on the machine.
> /etc/passwd
> +rb512c
> +:x:::::/bin/false
>
> /etc/nsswitch.conf
> passwd: compat
> group: compat
>
> Sudo works perfect on solaris 2.6 with this setup. But on solaris 8, sudo will never accept the valid password. If I change /etc/nsswitch.conf back to "passwd: files nis" then sudo works fine, but I do not get the restricted login I am looking for.
>
> I'm I way off here? Should I be looking into pam modules now? I cannot seem to find this problem searching the web.
>
> Thanks in advance,
>
> --
> Jason Greene (rb512c)
>
More information about the sudo-users
mailing list