Solaris 8 compat mode
Aaron Spangler
as at insight.rr.com
Thu Feb 6 18:48:08 EST 2003
If you want to do pam debugging on solaris 8, do the following:
1) Add "auth.debug /etc/pam_debug" to /etc/syslog.conf
2) restart syslog
3) touch /etc/pam_debug
4) tail -f /etc/pam_debug &
Greene Jason-RB512C wrote:
> Aaron,
>
> Thanks for the response. Unfortunately the '--with-pam' did not change the behavior. I put debug in the pam.conf file but it did not produce any output in /var/adm/messages.
>
> #
> login auth required /usr/lib/security/$ISA/pam_unix.so.1
> login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
> #
> rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
> #
> dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
> #
> rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> other auth required /usr/lib/security/$ISA/pam_unix.so.1 debug
>
> Any other thoughts???
>
> Thanks,
>
> Jason
>
> -----Original Message-----
> From: Aaron Spangler [mailto:as at insight.rr.com]
> Sent: Wednesday, February 05, 2003 9:07 PM
> To: sudo-users at sudo.ws; Jason Greene
> Subject: Re: Solaris 8 compat mode
>
> Try compiling using '--with-pam'. This tells sudo to invoke the default system behavior. (Which by default on Solaris 8 if you don't modify /etc/pam.conf tells it to call pam_unix.so.1 which tells it to act like /bin/login, /bin/su, etc.) BTW on any
> Solaris you should not need to modify /etc/pam.conf unless you want to change the way the system behaves. (regardless of nsswitch.conf or compat mode)
>
> That should do the trick.
> - Aaron
>
> > From: Greene Jason-RB512C <RB512C at motorola.com>
> > Subject: Solairs 8 compat mode
> >
> > Hello All,
> >
> > I am having an issue using sudo in (NIS) compat mode on solaris 8.
> >
> > I currently have several solaris 2.6 machines in this configuration that work. The passwd file has entries for the users I want to allow on the machine.
> > /etc/passwd
> > +rb512c
> > +:x:::::/bin/false
> >
> > /etc/nsswitch.conf
> > passwd: compat
> > group: compat
> >
> > Sudo works perfect on solaris 2.6 with this setup. But on solaris 8, sudo will never accept the valid password. If I change /etc/nsswitch.conf back to "passwd: files nis" then sudo works fine, but I do not get the restricted login I am looking for.
> >
> > I'm I way off here? Should I be looking into pam modules now? I cannot seem to find this problem searching the web.
> >
> > Thanks in advance,
> >
> > --
> > Jason Greene (rb512c)
More information about the sudo-users
mailing list