Solaris 8 compat mode (FIXED)
Alek O. Komarnitsky (N-CSC)
alek at ast.lmco.com
Tue Aug 26 17:12:48 EDT 2003
> From sudo-users-bounces at sudo.ws Tue Aug 26 14:20 MDT 2003
> From: Greene Jason-RB512C <RB512C at motorola.com>
> Finally got back around to looking at this problem. Thought I would post this response since I have still not seen a solution posted.
> With help from Darren Dunham who pointed me to the fact that Solaris 8 now puts an x in the password field of the /etc/shadow file.
> When the system is set up in compat mode (/etc/nsswitch.conf), sudo is still using the shadow file to match the password of the + users (+userid in /etc/passwd) instead of NIS.
> The solution for the moment is to take the x out of the shadow file and everything performs as it did in Solaris 2.6. But it would seem that the sudo gods need to take a look at this and come up with a better solution for dealing with it.
> (I did test to make sure that a null password does not work when using sudo or otherwise with a blank password field in /etc/shadow)
> Thanks Again Darren!!!!!
I'm a little confused ... isn't the behavior you saw
above the desired state for things in general (also sudo).
I.e. by putting an "x" in the local shadow file, I can
lock out an account (unless you have seamless rsh or
other non-password prompt type activity) that would
otherwise be enabled via NIS.
A good test of this would be if you tried to telnet to
the machine using the setup in the "broke" example.
This requires a username/password - can you actually
use the NIS one even though the local shadow file
has an "x" listed?