Solaris 8 compat mode (FIXED)

Greene Jason-RB512C RB512C at motorola.com
Tue Aug 26 16:17:09 EDT 2003


Finally got back around to looking at this problem.  Thought I would post this response since I have still not see a solution posted.

With help from Darren Dunham who pointed me to the fact that solaris 8 now puts an x in the password field of the /etc/shadow file.  

When the system is set up in compat mode (/etc/nsswitch.conf), sudo is still using the shadow file to match the password of the + users (+userid in /etc/passwd) instead of NIS.

The solution for the moment is to take the x out of the shadow file and everything performs as it did in Solaris 2.6.  But I it would seem that the sudo gods need to take a look at this and come up with a better solution for dealing with it.

(I did test to make sure that a null password does not work when using sudo or otherwise with a blank password field in /etc/shadow)

Thanks Again Darren!!!!!


EXAMPLE:

Broke:
/etc/passwd
...
+rb512c:x:::::::
/etc/shadow
...
+rb512c:x:::::::

Works:
/etc/passwd
...
+rb512c:x:::::::
/etc/shadow
+rb512c::::::::



> From: Greene Jason-RB512C <RB512C at motorola.com>
> Subject: Solairs 8 compat mode
>
> Hello All,
>
> I am having an issue using sudo in (NIS) compat mode on solaris 8.
>
> I currently have several solaris 2.6 machines in this configuration that work.  The passwd file has entries for the users I want to allow on the machine.
> /etc/passwd
> +rb512c
> +:x:::::/bin/false
>
> /etc/nsswitch.conf
> passwd: compat
> group: compat
>
> Sudo works perfect on solaris 2.6 with this setup.  But on solaris 8, sudo will never accept the valid password.  If I change /etc/nsswitch.conf back to "passwd: files nis" then sudo works fine, but I do not get the restricted login I am looking for.
>
> I'm I way off here?  Should I be looking into pam modules now?  I cannot seem to find this problem searching the web.
>
> Thanks in advance,
>
> --
> Jason Greene (rb512c)
>


More information about the sudo-users mailing list