Note: This is an archival copy of Security Sun Alert 200366 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000258.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
Solaris 8 and Solaris 9 NIS clients which contain passwd(4) entries beginning with a "+" (plus sign) or a "-" (minus sign) and also contain a password entry in nsswitch.conf(4) of "passwd: compat" may find the NIS accounts are no longer able to login.
Note: Password entries with a "+" or "-" selectively incorporate entries from NIS maps for the password.
This issue can occur in the following releases:
Note: Solaris 2.6 and Solaris 7 are not affected by this issue.
Only login accounts configured on NIS client systems utilizing the +/- passwd(4) syntax as well as containing an entry of "compat" for either the "passwd" or "group" entries in the nsswitch.conf(4) file are affected.
To determine if a system is an NIS client, run the following command:
$ ps -ef |grep ypbind
To view the 'passwd' and 'group' entries in the nsswitch.conf(4) file, run the following command:
$ egrep "^passwd|^group" /etc/nsswitch.conf
If the described issue occurs, NIS user accounts will no longer be able to login to NIS client systems.
To workaround the described issue, the following entry in the "/etc/pam.conf" file can be changed from:
other auth required pam_unix_auth.so.1
other auth required pam_unix.so.1
This issue is addressed in the following releases:
This solution has no attachment