Patch-ID# 114242-13 Keywords: security nsswitch passwdutil.so.1 pam_authtok_store pam_ldap ldap Synopsis: SunOS 5.9_x86: passwdutil.so.1 & pam_authtok Patch Date: Oct/22/2004 Install Requirements: Reboot after installation See Special Install Instructions Solaris Release: 9_x86 SunOS Release: 5.9_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 113476 Topic: SunOS 5.9_x86: passwdutil.so.1 & pam_authtok Patch Relevant Architectures: i386 BugId's fixed with this patch: 4743707 4746114 4747441 4751394 4754634 4765506 4768140 4774607 4793719 4805635 4830406 4873939 4874749 4877796 4887906 4913437 4977110 4980441 4988859 5003953 5012514 5014993 5044522 Changes incorporated in this version: 5044522 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/lib/libpam.so.1 /usr/lib/llib-lpasswdutil /usr/lib/llib-lpasswdutil.ln /usr/lib/passwdutil.so.1 /usr/lib/security/pam_authtok_check.so.1 /usr/lib/security/pam_authtok_get.so.1 /usr/lib/security/pam_authtok_store.so.1 /usr/lib/security/pam_dhkeys.so.1 /usr/lib/security/pam_passwd_auth.so.1 Problem Description: 5044522 Root is able to change user passwd if no of attempts > max_attempts in nis+. (from 114242-12) 5014993 user logins may fail when nsswitch compat mode is used with NIS+ or LDAP (from 114242-11) 4988859 passwd -g, -e, -h cause segfault 5003953 Logins to Solaris 9 NIS+ clients always talk to master even when it is down (from 114242-10) 4913437 Changing password in NIS+ fails on S9 clients with "Permission denied" 5012514 'passwd ' fails as root on NIS+ systems 4980441 PAM module pam_dhkeys fails to retrieve changed credentials (from 114242-09) 4977110 passwd doesn't work with compat entries in /etc/nsswitch.conf (from 114242-08) 4887906 pam_sm_chauthtok() returns 13 (PAM_USER_UNKNOWN) if lastchg=0 for local users (from 114242-07) 4746114 libpam internationalized messages are off by 1 for locale != C 4793719 pam_authtok_check.so.1::circ() too space-conservative 4805635 root may change enduser password in NIS+ without entering its own password 4877796 passwd (passwdutil) inadvertently resets aging information (from 114242-06) 4873939 pam and compat does not work after applying patch 108993-18 (from 114242-05) 4874749 passwd -x modifies the lastchg field also in /etc/shadow file (from 114242-04) 4765506 NIS+ password problems with Solaris 9 4768140 passwd core dumps when changing shell (from 114242-03) 4774607 pam_ldap gets confused when root tries to change user's password (from 114242-02) 4830406 passwdutil is too dumb to handle NIS+ subdomains correctly (from 114242-01) 4743707 non-default nsswitch backends confuse passwdutil.so.1 4747441 pam_authtok_store does not map all the PWU errors to PAM errors 4751394 non decisive modules should not return PAM_SUCCESS 4754634 passwd command seg faults when updating user can't be authenticated to LDAP Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE: To get the complete fix for the bug 4765506, please install the following patch in addition to this patch: 113719-08 (or newer) rpc.nispasswdd README -- Last modified date: Friday, October 22, 2004