OBSOLETE Patch-ID# 104433-09 Keywords: security y2000 password keylogin expire pam_pwmgt.so.1 sprintf Synopsis: OBSOLETED by 106563 Date: Oct/06/98 Solaris Release: 2.5.1 SunOS Release: 5.5.1 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 104434 Topic: SunOS 5.5.1: pam security patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. BugId's fixed with this patch: 1198961 1235379 1236638 1253949 4010565 4018347 4024446 4030217 4159986 Changes incorporated in this version: 4159986 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: iss_sparc-01 (or newer) Patches required with this patch: 103612-27 103696-03 (or newer) Obsoleted by: 106563 on Jan/22/99 Files included with this patch: /etc/lib/pam_authen.so.1 /etc/lib/pam_entry.so.1 /etc/lib/pam_pwmgt.so.1 /usr/lib/security/pam_authen.so.1 /usr/lib/security/pam_entry.so.1 /usr/lib/security/pam_pwmgt.so.1 Problem Description: 4159986 [5.5.1 pam/NIS+] passwd can't read pw field when pw tbl perms are tight (CERT) (from 104433-08) 1253949 In Solaris NIS, root must know user's old passwd (from 104433-07) 1236638 *passwd* shadow file occasionally gets deleted in large user environment (from 104433-06) 1235379 nispasswd -D domain user fails. (from 104433-05) 4010565 su can be interrupted by and not logged in /var/adm/log (from 104433-04) 4030217 sa_get_authtokattr() error message prints /100 for /00 in year 2000 1198961 password expected by keylogin incorrect after password change forced by expire The complete fix for bug 1198961 requires bugfix 1206421 (found in patch 103612-27 or higher). (from 104433-03) 4024446 RFE to have login and ypasswd deal with NIS passwd aging as impl by other vendor (from 104433-02) 4018347 pam security problem (from 104433-01) 1198961 password expected by keylogin incorrect after password change forced by expire Once the password has expired, the user has to enter a new passwd. After the new passwd has been entered, the keylogin process fails. This patch will perform the sa_establish_key() automatically. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- NOTE: To get the complete fix for bug 1253949 (In Solaris NIS, root must know user's old passwd), one must have the NSKit 1.2 patch 103053-05 (or newer).