Patch-ID# 109413-10 Keywords: security nis+ compat min max shell gecos passwd start home nis rights Synopsis: Solstice AdminSuite 3.0.1: NIS + compat passwd autohome rights fixes Date: May/08/2003 Install Requirements: See Special Install Instructions Solaris Release: 8 SunOS Release: 5.8 Unbundled Product: Solstice AdminSuite Unbundled Release: 3.0.1 Xref: This patch available for x86 as patch 109414 Topic: Solstice AdminSuite 3.0.1: NIS + compat passwd autohome rights fixes Relevant Architectures: sparc BugId's fixed with this patch: 4305942 4318890 4341813 4372914 4410452 4428879 4431256 4432176 4470402 4517531 4518356 4756006 Changes incorporated in this version: 4756006 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: 108879-08 (or newer) Patches required with this patch: Obsoleted by: Files included with this patch: /opt/SUNWseam/3_0/admswt10.jar /opt/SUNWseam/3_0/help/default/cis/no_help.html /opt/SUNWseam/3_0/lib/libdirtbl.so.1 Problem Description: 4756006 3.0.1 adminsuite can't manage nis domain from virtual interface as root (from 109413-09) 4517531 User's rights change with AdminSuite 3.0.1 doesn't work properly (from 109413-08) 4518356 Adminsuite 3.0.1 reverses NIS+ host table information (name/cname) (from 109413-07) 4470402 Added rights cannot be removed (AdminSuite 3.0.1, Solaris 8 1/01, 4/01) (from 109413-06) 4431256 change user's password and the the shell change (from 109413-05) 4428879 adminsuite 3.0 and 3.0.1 will not allow users home directory to be created 4432176 AdminSuite 3.0.1 problems with NIS+ passwd entries (from 109413-04) 4410452 Current patches for Adminsuite 3.0 and 3.0.1 don't restart the server on install (from 109413-03) 4318890 possible problem with passwd min/max varibles in correct field (from 109413-02) 4372914 AdminSuite 3/NIS+: change shell or GECOS fields mangles entry in passwd.org_dir 4341813 AdminSuite 3.0 sets wrong homedirectory using usrmgr in NIS-Environment (from 109413-01) 4305942 admsvr3_0 fails to start with 'compat' in nsswitch.conf This patch fixes the admsvr3_0 start failures, but when the compat option is used in /etc/nsswitch.conf, a subset of the complete functionality of the normal compat option will be used when searching for user authorizations. A table of authorization search orders based on the configuration of /etc/nsswitch.conf and /etc/passwd follows: /etc/passwd ends in + passwd_compat: search order yes none files nis yes nis files nis yes nisplus files nisplus no any files For example, if the compat option is used, and the /etc/passwd file ends with a +, and there is no passwd_compat target in the nsswitch.conf, then the search order for authorizations will be first all of /etc/passwd, then all of the NIS passwd map. Other special compat mode syntax, such as +-user or +-netgroup, is NOT supported. In order to eliminate any confusion in assigning authorizations, it is highly recommended that all administrative users not be users who go through any of the unsupported compat switch syntax when logging in. Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Do not install this patch if BSM is enabled on the system. Install patch 108881-08 (or newer) instead. The AdminSuite server is automatically stopped and restarted during patch installation. The user must exit the AdminSuite client application and restart it before the patch changes will take effect. The AdminSuite server is NOT automatically restarted during patch removal. If this patch is removed, the AdminSuite server most be stopped and restarted (/opt/SUNWseam/3_0/sbin/admsvr stop/start) to remove the patch changes. Anytime the AdminSuite server is stopped and restarted the AdminSuite client application must be exited and restarted. README -- Last modified date: Thursday, May 8, 2003