headers
James Craig | 23 Aug 2010 20:48
Picon

checkpassword vs Solaris 10


Hi,

I have upgraded my qmail server onto a newer solaris 10 box,
and almost everything works.

What I have discovered is that checkpassword does not authenticate
users who are not local to the machine, which used to work fine in
Solaris 9.

Our userdb is openldap,  and the password&shadow files have
+:x:::::
and 
+::::::::
respectively.

nsswitch.conf is set up to find users this way:
passwd: compat
passwd_compat: ldap 
shadow: compat
shadow_compat: ldap

so that getent passwd <user>  works fine.

Is there a subtle difference between Solaris 9 and Solaris 10 that
I didn't realize?  I haven't seen any references to issues online,
so I thought I would ask around here as well.

thank you,
Jim Craig
(Continue reading)

Permalink | Reply |
headers
Andy Bradford | 25 Aug 2010 05:43

Re: checkpassword vs Solaris 10

Thus said James Craig on Mon, 23 Aug 2010 14:48:15 EDT:

> What I  have discovered  is that  checkpassword does  not authenticate
> users who  are not local  to the machine, which  used to work  fine in
> Solaris 9.

If you are talking about the  standard checkpassword, I don't believe it
authenticates  anything  but  local  users. If  you  had  authentication
of  non-local users,  then  you  must have  been  using a  checkpassword
compatible  program. Are  you sure  the checkpassword  program that  you
installed on your new  Solaris 10 system is the same  version as the one
from your Solaris 9 system?

> Is there  a subtle difference  between Solaris  9 and Solaris  10 that
> Ididn't realize?

More likely  there is a  difference between your  checkpassword programs
(unless somehow the libraries on Solaris 9 made local/non-local seemless
to password programs).

Andy
Permalink | Reply |

Gmane