Solaris 8 compat mode
Greene Jason-RB512C
RB512C at motorola.com
Thu Feb 6 12:50:36 EST 2003
Aaron,
Thanks for the response. Unfortunately the '--with-pam' did not change the behavior. I put debug in the pam.conf file but it did not produce any output in /var/adm/messages.
#
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1 debug
Any other thoughts???
Thanks,
Jason
-----Original Message-----
From: Aaron Spangler [mailto:as at insight.rr.com]
Sent: Wednesday, February 05, 2003 9:07 PM
To: sudo-users at sudo.ws; Jason Greene
Subject: Re: Solaris 8 compat mode
Try compiling using '--with-pam'. This tells sudo to invoke the default system behavior. (Which by default on Solaris 8 if you don't modify /etc/pam.conf tells it to call pam_unix.so.1 which tells it to act like /bin/login, /bin/su, etc.) BTW on any
Solaris you should not need to modify /etc/pam.conf unless you want to change the way the system behaves. (regardless of nsswitch.conf or compat mode)
That should do the trick.
- Aaron
> From: Greene Jason-RB512C <RB512C at motorola.com>
> Subject: Solairs 8 compat mode
>
> Hello All,
>
> I am having an issue using sudo in (NIS) compat mode on solaris 8.
>
> I currently have several solaris 2.6 machines in this configuration that work. The passwd file has entries for the users I want to allow on the machine.
> /etc/passwd
> +rb512c
> +:x:::::/bin/false
>
> /etc/nsswitch.conf
> passwd: compat
> group: compat
>
> Sudo works perfect on solaris 2.6 with this setup. But on solaris 8, sudo will never accept the valid password. If I change /etc/nsswitch.conf back to "passwd: files nis" then sudo works fine, but I do not get the restricted login I am looking for.
>
> I'm I way off here? Should I be looking into pam modules now? I cannot seem to find this problem searching the web.
>
> Thanks in advance,
>
> --
> Jason Greene (rb512c)
More information about the sudo-users
mailing list