OBSOLETE Patch-ID# 113476-13 Keywords: security plugin password hashing algorithm blowfish pam ldap Synopsis: Obsoleted by: 112960-14 SunOS 5.9: usr/lib/passwdutil.so.1 pam_ldap Patch Date: Apr/14/2004 Install Requirements: Reboot after installation Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 114242 Topic: SunOS 5.9: usr/lib/passwdutil.so.1 pam_ldap Patch Relevant Architectures: sparc BugId's fixed with this patch: 4192824 4248430 4357827 4390053 4658625 4660019 4670947 4677591 4682120 4683522 4700602 4709300 4743707 4746114 4747441 4751394 4754634 4756113 4765506 4768140 4774607 4793719 4805635 4830406 4873939 4874749 4877796 4887906 4890233 Changes incorporated in this version: 4887906 Patches accumulated and obsoleted by this patch: 113152-01 113166-01 Patches which conflict with this patch: Patches required with this patch: 112874-06 or greater 112960-03 or greater Obsoleted by: Files included with this patch: /usr/lib/libpam.so.1 /usr/lib/llib-lpasswdutil /usr/lib/llib-lpasswdutil.ln /usr/lib/passwdutil.so.1 /usr/lib/security/pam_authtok_check.so.1 /usr/lib/security/pam_authtok_get.so.1 /usr/lib/security/pam_authtok_store.so.1 /usr/lib/security/pam_dhkeys.so.1 /usr/lib/security/pam_ldap.so.1 /usr/lib/security/pam_passwd_auth.so.1 /usr/lib/security/pam_unix_account.so.1 /usr/lib/security/pam_unix_auth.so.1 /usr/lib/security/sparcv9/pam_authtok_check.so.1 /usr/lib/security/sparcv9/pam_authtok_get.so.1 /usr/lib/security/sparcv9/pam_authtok_store.so.1 /usr/lib/security/sparcv9/pam_dhkeys.so.1 /usr/lib/security/sparcv9/pam_ldap.so.1 /usr/lib/security/sparcv9/pam_passwd_auth.so.1 /usr/lib/security/sparcv9/pam_unix_account.so.1 /usr/lib/security/sparcv9/pam_unix_auth.so.1 /usr/lib/sparcv9/libpam.so.1 /usr/lib/sparcv9/llib-lpasswdutil.ln /usr/lib/sparcv9/passwdutil.so.1 Problem Description: 4887906 pam_sm_chauthtok() returns 13 (PAM_USER_UNKNOWN) if lastchg=0 for local users (from 113476-12) 4890233 using 'use_first_pass' for pam_ldap does not work (from 113476-11) 4746114 libpam internationalized messages are off by 1 for locale != C 4793719 pam_authtok_check.so.1::circ() too space-conservative 4805635 root may change enduser password in NIS+ without entering its own password 4877796 passwd (passwdutil) inadvertently resets aging information (from 113476-10) 4873939 pam and compat does not work after applying patch 108993-18 (from 113476-09) 4874749 passwd -x modifies the lastchg field also in /etc/shadow file (from 113476-08) 4765506 NIS+ password problems with Solaris 9 4768140 passwd core dumps when changing shell (from 113476-07) 4774607 pam_ldap gets confused when root tries to change user's password (from 113476-06) 4830406 passwdutil is too dumb to handle NIS+ subdomains correctly (from 113476-05) 4743707 non-default nsswitch backends confuse passwdutil.so.1 4747441 pam_authtok_store does not map all the PWU errors to PAM errors 4751394 non decisive modules should not return PAM_SUCCESS 4754634 passwd command seg faults when updating user can't be authenticated to LDAP (from 113476-04) 4756113 libc version number is incorrect in s9u2 (from 113476-03) 4709300 passwd fails if the pam_authtok_store service was specified with server_policy (from 113476-02) 4670947 logins failing when NIS is backend for authentication (from 113476-01) This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update: s9u2 feature point patches: 113152-01 113166-01 (from 113152-01) 4357827 pam_ldap should fully support password aging 4677591 implement PSARC/2002/241 - PAM binding control flag 4660019 nss_ldap.so may return non '-1' values for getspnam() 4682120 get/set_item conversation function tracing needs improvement. 4658625 pam_framework doesn't trace pam_chauthtok PAM_TRY_AGAIN return. 4683522 pam_get_data tracing could improve. (from 113166-01) 4390053 crypt(3c) needs to interoperate with *BSD and Linux 4248430 RFE: NIS+ should support alternate encryption algorithms for the user 4192824 newkey/chkey should use a configurable crypt() to encrypt the users p 4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: To get the complete Flexible Crypt feature, please install the following patches: 112874-06 (or newer) libc 113475-01 (or newer) libsecurity crypt 113480-01 (or newer) pam_unix Patch 113481-01 (or newer) nispasswdd 113482-01 (or newer) sbin/sulogin 113483-01 (or newer) rpc.ypasswdd NOTE2: To get the complete fix for the bug 4765506, please install the following patch in addition to this patch: 113319-14 (or newer) rpc.nispasswdd README -- Last modified date: Monday, May 31, 2004