[8217] in bugtraq
Re: Annoying Solaris/CDE/NIS+ bug
daemon@ATHENA.MIT.EDU (Allen Myers - Verio Consulting Gro)
Thu Oct 15 13:04:22 1998
Date: Wed, 14 Oct 1998 13:43:45 -0700
Reply-To: Allen Myers - Verio Consulting Group <myers@VERIO.NET>
From: Allen Myers - Verio Consulting Group <myers@VERIO.NET>
X-To: Frank Cusack <fcusack@ICONNET.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Frank Cusack <fcusack@ICONNET.NET> "Re: Annoying Solaris/CDE/NIS+
bug" (Oct 13, 9:03pm)
] [On Oct 13, Frank Cusack wrote:]
] Subject: Re: Annoying Solaris/CDE/NIS+ bug
] dbell <dbell@BWAY.NET> writes:
]
] > I didn't see this, or anything similar to it in the archives, but please
] > forgive me if it's well known:
] >
] > If a Solaris 2.6 host is a NIS+ client, and any user other than root is
] > running CDE at the console, CDE's screen locking feature does not work.
] > Any random string is sufficient to unlock to console. Obviously, this is
]
] The bug has nothing to do with NIS+. The CDE screenlocker (dtsession)
] accepts either the user's password or the root password to unlock
] the screen.
Not true. I've seen this at several sites (and root's password was
_definitely_ not empty). Here's the first paragraph from Sun's bug
report...
------------------------ 8< ------------------------------------------
Bug Id: 4115685
Category: cde
Subcategory: screenlock
State: integrated
Synopsis: CDE screen lock not working properly for nis+ users
Description:
login in as a nis+ user, using lock from CDE front panel, screen locks
but at the prompt any password, even no password unlocks the screen.
root user doesn't have this problem. Xlock doesnot have this problem.
multiple machines have the same problem. all the recommended patches
are installed, problem happens even for newly defined users.
------------------------ 8< ------------------------------------------
]
] When root doesn't have a password, it accepts anything. A bug? hardly.
] Install a root password.
see above ...
]
] [...]
]
] --
] Frank Cusack + Today's Haiku No keyboard present
] Icon CMT Corp. + error message: Hit F1 to continue
] PGP: C001AA75 + Zen engineering?
]-- End of excerpt from <fcusack@ICONNET.NET>
--
- Allen
V E R I O Consulting Group
_____________________________________________________________________
Allen Myers . Chief Technology Officer url: socal.verio.net
e: myers@verio.net t: 800/273.5600
8001 Irvine Center Drive t: 949/450.8400
Suite 1200 f: 949/450.8410
Irvine, CA 92618-2934 24 hour Tech Support: 888/306.4638
_____________________________________________________________________
>>>> Black holes are where God divided by zero.
