[sudo-users] Solaris 8 SUN SDK 5.08 TLS 64-bit sudo

J.R. Taisto jr at e-integration.net
Fri Aug 3 20:00:45 EDT 2007

I'm having issues building a 64-bit sudo for Solaris 8 using
the Sun LDAP SDK.  If anyone has had success with this
combination let me know, or if you were able to use the native
Solaris 8 libraries to get a 64-bit version of sudo to work.

Here's what I see from checking if sudo works via: sudo -l

LDAP Config Summary
host         ldap.company.com
port         389
ldap_version 3
sudoers_base ou=sudoers,dc=company,dc=com
binddn       (anonymous)
bindpw       (anonymous)
bind_timelimit  1000
timelimit    1
ldap_set_option(LDAP_OPT_TIMELIMIT, 1)
sudo: ldap_init(ldap.company.com,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION, 3)
ldap_simple_bind_s()=91 : Can't connect to the LDAP server
Sorry, user username may not run sudo on solaris8-workstation.

Doing a snoop I see that the box actually does connect, but
it's connecting to port 636.  So it seems to me that the
information be echo'd out by sudo may not be accurate.  I also
received an e-mail stating a sudo violation.  If the error
message was correct I won't expect to see the violation
message, but this may be the unexpected correct behavior.  

Build info:

gcc 3.4.6
make 3.81

OpenSSL 0.9.8d 28 Sep 2006

SunOS solaris8-workstation 5.8 Generic_117350-46 sun4u sparc

./configure  --build=sparc64-sun-solaris2.8 \
            --prefix=${PKG_BASE}/utilities/sudo/sudo-1.6.9p3 \
--libdir=${PKG_BASE}/utilities/sudo/sudo-1.6.9p3/lib/sparcv9 \
             --with-libpath="$GCC_LIB $OPENSSL_LIB
/usr/lib/sparcv9 /usr/lib/64" \
             --with-incpath="$OPENSSL_INC" \
             --with-shared --with-rpath \
             --with-ldap \
             --with-ldap-conf-file=/etc/ldap.conf \
             --with-pam \
             --with-exempt=unixteam \
             --with-logging=file \
             --with-logpath=/var/log/sudo.log \
             --with-loglen=80 \
             --disable-root-sudo \
             --disable-root-mailer \
             --without-umask \
             --without-lecture \
             --without-mail-if-no-user \
             --with-mailto=sudoers at company.com \
             --with-mail-if-no-host \
             --with-mail-if-noperms \
             --with-mailsubject="SUDO violation" \
             --with-passprompt="Company sudo password: " \
             --with-badpass-message="Invalid Company sudo
password: " \
             --with-insults \
             --with-hal-insults \
             --with-fqdn \
             --with-ignore-dot \
             --with-timeout=3 \
             --with-password-timeout=3 \

Libraries appear to be present:

ldd /opt/COMPANY/pkg/utilities/sudo/current/bin/sudo

    libpam.so.1 =>   /usr/lib/sparcv9/libpam.so.1
    libdl.so.1 =>    /usr/lib/sparcv9/libdl.so.1
libldap50.so =>
    libsocket.so.1 =>        /usr/lib/sparcv9/libsocket.so.1
    libnsl.so.1 =>   /usr/lib/sparcv9/libnsl.so.1
    libc.so.1 =>     /usr/lib/sparcv9/libc.so.1
    libcmd.so.1 =>   /usr/lib/64/libcmd.so.1
    libmp.so.2 =>    /usr/lib/64/libmp.so.2

J.R. Taisto
UNIX Consultant
jr at e-integration.net

More information about the sudo-users mailing list