[996] in arla-drinkers


Re: PAM and arla

daemon@ATHENA.MIT.EDU (Tim Yardley)
Tue Jul 20 16:50:38 1999

Date: Tue, 20 Jul 1999 15:45:24 -0500 (CDT)
From: Tim Yardley <yardley@ncsa.uiuc.edu>
Reply-To: Tim Yardley <yardley@ncsa.uiuc.edu>
To: Tobias Schaefer <T.Schaefer@science-computing.de>
cc: Assar Westerlund <assar@sics.se>, arla-drinkers@stacken.kth.se,
        kth-krb-bugs@nada.kth.se
Subject: Re: PAM and arla
In-Reply-To: <Pine.SOL.4.02.9907201745480.16331-100000@pollux.science-computing.de>
Message-ID: <Pine.SOL.3.95.990720152400.12489A-100000@pecos.ncsa.uiuc.edu>

On Tue, 20 Jul 1999, Tobias Schaefer wrote:
: But I _do_ think that even root's token should be protected by a PAG. If
: this is not possible, every daemon on the system works with this token.
: This is unnecessary at best.

I don't remember the exact reasoning, but if I recall correctly...
Transarc decided that root should not get a pag shell.  This was decided
for some security reason, however... I do not recall exactly what it was.

: I'm quite sure this did work with dtlogin for SOLARIS 2.5 / 2.6. (No
: experience with 2.7 though.)

Yes, it works fine in pre-2.7 Solaris versions.  However, as to the exact
reason why it no longer works as it is supposed to, there are several
different factors that could be at play.  One is that PAM versions changed
between 2.6 and 2.7; another is that dtlogin changed versions as well.

[yardley@pecos]:[~] which sum
/usr/ncsa/bin/sum
[yardley@pecos]:[/usr/dt/bin] uname -a
SunOS pecos.ncsa.uiuc.edu 5.4 Generic_101945-51 sun4d sparc
[yardley@pecos]:[/usr/dt/bin] sum dtlogin
08002   156

[yardley@wormwood]:[~] which sum
/usr/ncsa/bin/sum
[yardley@wormwood]:[~] uname -a
SunOS wormwood.ncsa.uiuc.edu 5.6 Generic sun4m sparc SUNW,SPARCstation-5
[yardley@wormwood]:[~] sum /usr/dt/bin/dtlogin
43974   158

[yardley@solace]:[~] which sum
/usr/ncsa/bin/sum
[yardley@solace]:[~] uname -a
SunOS solace.ncsa.uiuc.edu 5.7 Generic sun4m sparc SUNW,SPARCstation-10
[yardley@solace]:[~] sum /usr/dt/bin/dtlogin
06499   165    

/tmy

-- Diving into infinity my consciousness expands in inverse
   proportion to my distance from singularity


