SUMMARY: C2 and Solaris 2.3

From: Torsten Metzner (tom@uni-paderborn.de)
Date: Mon May 02 1994 - 12:48:36 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello and sorry for the long delay, but I had to do some other staff in the
last two weeks.

Original situation and question:

My situation:
We are running a lot of hosts with SunOS 4.1.3 and a few hosts with Solaris2.3
In our environment we are using NIS ( still testing NIS+ ) and our
NIS master server is a SS10 running SunOS4.1.3.

What I try to do:
I only want to use the C2 security package to hide our encrypted passwords.
In a pure SunOS 4.1.3 environment this is no problem, e.g. we use it on
our students network.
But in my opinion this is a problem if I am using Solaris hosts in my NIS
domain. Because im my humble opinion the /usr/etc/rpc.pwdauthd daemon
is necessary to redirect the pwdauth and grpauth authentication requests
to the right file and nis maps *.adjunct. But this daemon program doesn't exist
on Solaris 2.3. So I think it is not possible to use the C2 security in
an environment with SunOS and Solaris machines, because on the Solaris NIS clients the user should not be able to login to his NIS account.

My question:
(1) Is it possible to use C2 on a SunOS4.1.3 NIS server with
Solaris clients ?
(2) Is there another solution to hide the encrypted passwords with a
SunOS 4.1.3 NIS server.

The solution to the above questions.

(1) Yes it is possible and it is trivial too.

    The C2 security package on SunOS4.1.3 works with Solaris 2.3 out of the box.
    You don't have to do anything on a Solaris 2.3 client.
    I tried this today and I had really no problems.
    For Solaris 2.2 there is a patch (101022-05). With this patch it
    should be possible too.
    I didn't test this because we are running Solaris2.3.



(2) It seems to be, that you can also use the Basic Security Module (BSM) on
     a Solaris 2.3 and Solaris 1.1 environment.
     BSM should be available for Solaris and SunOS.
     I didn't try this, because the first solution [ see (1) ] was everything
     I need.

The table of honour:

I got only two responses but it was exactly what I need.
Thanx to:
   Leonard Sitongia <sitongia@zia.hao.ucar.edu>, who gave me the information
   that it works out of the box.
   Butch Deal NRL <deal@ait.nrl.navy.mil>, who mentioned BSM.

Thanx,

Torsten.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:00 CDT