Patch-ID# 119698-01 Keywords: security passwd pam_unix_auth.so nisplus Synopsis: Trusted_Solaris_8_HW_7/03: pam patch Date: Jun/20/2005 Install Requirements: NA Solaris Release: Trusted_Solaris_8_HW_7/03 SunOS Release: Trusted_Solaris_8_HW_7/03 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as 119699 Topic: Trusted_Solaris_8_HW_7/03: pam patch Relevant Architectures: sparc BugId's fixed with this patch: 5075722 6248413 Changes incorporated in this version: 5075722 6248413 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/pam.conf Problem Description: 5075722 TS8 HW 7/03 upgrade install modifies pam.conf with wrong modules 6248413 Need to support pam_passwd_auth.so.1 in TS8 7/03: passwd asks wrong pw for root if running nisplus Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Trusted Solaris. Any other special or non-generic installation instructions should be described below as special instructions. For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE: If the /etc/pam.conf file contains the string pam_unix_auth.so, which can occur if there has been an upgrade install, this patch will replace /etc/pam.conf, saving the old version to /etc/pam.conf.old. If there is an existing pam.conf.old file, it will be preserved after each subsequent patch installation in the following fashion: /var/sadm/pkg/SUNWcsr/save/pam.conf.old.119698-01 (or greater) The old and new pam.conf files should be compared to find any site customizations and include them in the patched pam.conf After patch removal these files will not be removed automatically. The steps below assume the patch has been put into an ADMIN_LOW directory in /var/tmp and the patch file label is configured to ADMIN_LOW. Create a role which contains the Software Installation profile (typically admin role is assigned this profile) and whose label range includes the ADMIN_LOW label. All the steps in the patch installation should be be executed at ADMIN_LOW. The patch should be owned by this role. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchadd". The result should be: /usr/sbin/patchadd uid=0, privs=all, label=admin_low 2) cd into /var/tmp and install the patch file. # cd /var/tmp # patchadd /var/tmp/ where is the patch number. Special Backout Instructions: ----------------------------- NOTE: This patch is a one-way patch, patchrm has no effect except to remove the patchid from the showrev output. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchrm". The result should be: /usr/sbin/patchrm uid=0, privs=all, label=admin_low 2) Backout patch by typing: # patchrm where is the patch number. README -- Last modified date: Monday, June 20, 2005