PAM and arla
Tim Yardley
yardley at ncsa.uiuc.edu
Tue Jul 20 22:45:47 CEST 1999
On Tue, 20 Jul 1999, Tobias Schaefer wrote:
: But I _do_ think that even root's token should be protected by a PAG. If
: this is not possible, every daemon on the system works with this token.
: This is unnecessary at best.
I don't remember the exact reasoning, but if I recall correctly...
Transarc decided that root should not get a pag shell. This was decided
for some security reason, however... I do not recall exactly what it was.
: I'm quite sure this did work with dtlogin for SOLARIS 2.5 / 2.6. (No
: expierience with 2.7 though.)
Yes, it works fine in pre 2.7 solaris versions. However, as to the exact
reason why it no longer works as it is supposed to. There are several
different factors that could be at play. One is that PAM versions changed
between 2.6 and 2.7.. another is that dtlogin changed versions as well.
[yardley at pecos]:[~] which sum
/usr/ncsa/bin/sum
[yardley at pecos]:[/usr/dt/bin] uname -a
SunOS pecos.ncsa.uiuc.edu 5.4 Generic_101945-51 sun4d sparc
[yardley at pecos]:[/usr/dt/bin] sum dtlogin
08002 156
[yardley at wormwood]:[~] which sum
/usr/ncsa/bin/sum
[yardley at wormwood]:[~] uname -a
SunOS wormwood.ncsa.uiuc.edu 5.6 Generic sun4m sparc SUNW,SPARCstation-5
[yardley at wormwood]:[~] sum /usr/dt/bin/dtlogin
43974 158
[yardley at solace]:[~] which sum
/usr/ncsa/bin/sum
[yardley at solace]:[~] uname -a
SunOS solace.ncsa.uiuc.edu 5.7 Generic sun4m sparc SUNW,SPARCstation-10
[yardley at solace]:[~] sum /usr/dt/bin/dtlogin
06499 165
/tmy
-- Diving into infinity my consciousness expands in inverse
proportion to my distance from singularity
More information about the Arla-drinkers
mailing list