Solaris 8 compat mode

Aaron Spangler as at insight.rr.com
Thu Feb 6 18:48:08 EST 2003 

If you want to do pam debugging on solaris 8, do the following:

1) Add "auth.debug /etc/pam_debug" to /etc/syslog.conf
2) restart syslog
3) touch /etc/pam_debug
4) tail -f /etc/pam_debug &


Greene Jason-RB512C wrote:

> Aaron,
>
>   Thanks for the response.  Unfortunately the '--with-pam' did not change the behavior.  I put debug in the pam.conf file but it did not produce any output in /var/adm/messages.
>
> #
> login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
> login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
> #
> rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
> #
> dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
> #
> rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> other   auth required   /usr/lib/security/$ISA/pam_unix.so.1    debug
>
> Any other thoughts???
>
> Thanks,
>
> Jason
>
> -----Original Message-----
> From: Aaron Spangler [mailto:as at insight.rr.com]
> Sent: Wednesday, February 05, 2003 9:07 PM
> To: sudo-users at sudo.ws; Jason Greene
> Subject: Re: Solaris 8 compat mode
>
> Try compiling using '--with-pam'.  This tells sudo to invoke the default system behavior.  (Which by default on Solaris 8 if you don't modify /etc/pam.conf tells it to call pam_unix.so.1 which tells it to act like /bin/login, /bin/su, etc.)  BTW on any
> Solaris you should not need to modify /etc/pam.conf unless you want to change the way the system behaves.  (regardless of nsswitch.conf  or compat mode)
>
> That should do the trick.
>  - Aaron
>
> > From: Greene Jason-RB512C <RB512C at motorola.com>
> > Subject: Solairs 8 compat mode
> >
> > Hello All,
> >
> > I am having an issue using sudo in (NIS) compat mode on solaris 8.
> >
> > I currently have several solaris 2.6 machines in this configuration that work.  The passwd file has entries for the users I want to allow on the machine.
> > /etc/passwd
> > +rb512c
> > +:x:::::/bin/false
> >
> > /etc/nsswitch.conf
> > passwd: compat
> > group: compat
> >
> > Sudo works perfect on solaris 2.6 with this setup.  But on solaris 8, sudo will never accept the valid password.  If I change /etc/nsswitch.conf back to "passwd: files nis" then sudo works fine, but I do not get the restricted login I am looking for.
> >
> > I'm I way off here?  Should I be looking into pam modules now?  I cannot seem to find this problem searching the web.
> >
> > Thanks in advance,
> >
> > --
> > Jason Greene (rb512c)

More information about the sudo-users mailing list