Bug ID: 6652181 need to setup correct pam stack for tsoljds-tstripe

Bug ID	6652181
Synopsis	need to setup correct pam stack for tsoljds-tstripe
State	10-Fix Delivered (Fix available in build)
Category:Subcategory	utility:sec_labeling
Keywords
Responsible Engineer	Ric Aleshire
Reported Against
Duplicate Of
Introduced In	solaris_nevada
Commit to Fix	snv_82
Fixed In	snv_82
Release Fixed	solaris_nevada(snv_82) , solaris_10u6(s10u6_01) (Bug ID:2158226)
Related Bugs
Submit Date	18-January-2008
Last Update Date	31-January-2008
Description	Previously, installing or enabling Trusted Extensions would result in this stack in pam.conf: tsoljds-tstripe account requisite pam_roles.so.1 tsoljds-tstripe account required pam_tsol_account.so.1 The pam_tsol_account module was needed because of an nscd bug (since fixed) in which the pam_unix_account module failed for this service. The drawback of this delivered workaround is that TJDS roles were thus required to have a label range of admin_low to admin_high. The following correct stack for this service should be delivered now that the nscd issue is resolved: tsoljds-tstripe account requisite pam_roles.so.1 tsoljds-tstripe account required pam_unix_account.so.1
Work Around	edit pam.conf by hand to get the specified stack, or use only roles with the widest label range.
Comments	N/A

OpenSolaris