Hello all,
We have Solaris 9. As part of hardening of the system,
we have changed the encryption to 2a. This is done by
updating the /etc/securoty/policy.conf file with the following contents.
CRYPT_DEFAULT=2a.
After this, the root password is changed.
Now if root tries to invoke smc, the login fails eventhough
the password is correct.
How do we overcome this? This is very much required,
as we cannot use admintool, which is supposedly been
deprecated.
Best Regards,
Pradeep
|
|
0
|
|
|
|
Reply
|
 pradeep
|
6/8/2005 1:40:39 PM |
|
I think that there is a rather short maximum limit for the length of the
root password (maybe 10 characters or so). Solaris will let you use longer
passwords for logon (although, only the first 10 or so matter), but these do
not work for SMC. Try just the first 10 characters of the root password in
SMC or shorten the root password.
-Yves
"pradeep" <xxx@xxx.com> wrote in message
news:d86sgp$15n$1@news.mch.sbs.de...
> Hello all,
> We have Solaris 9. As part of hardening of the system,
> we have changed the encryption to 2a. This is done by
> updating the /etc/securoty/policy.conf file with the following contents.
>
> CRYPT_DEFAULT=2a.
>
> After this, the root password is changed.
> Now if root tries to invoke smc, the login fails eventhough
> the password is correct.
>
> How do we overcome this? This is very much required,
> as we cannot use admintool, which is supposedly been
> deprecated.
>
> Best Regards,
> Pradeep
>
>
|
|
|
0
|
|
|
|
Reply
|
Yves
|
6/8/2005 2:43:35 PM
|
|
"pradeep" <xxx@xxx.com> writes:
>CRYPT_DEFAULT=2a.
>After this, the root password is changed.
>Now if root tries to invoke smc, the login fails eventhough
>the password is correct.
>How do we overcome this? This is very much required,
>as we cannot use admintool, which is supposedly been
>deprecated.
SMC unfortuantely is broken in this respect because it does
key handling in Java.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
|
|
|
0
|
|
|
|
Reply
|
Casper
|
6/8/2005 3:55:13 PM
|
|
Casper H.S. Dik <Casper.Dik@Sun.COM> writes:
> SMC unfortuantely is broken in this respect because it does
> key handling in Java.
I would say that SMC is broken in many respects, but that's just IMHO. :-)
Bye, Dragan
--
Dragan Cvetkovic,
To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer
!!! Sender/From address is bogus. Use reply-to one !!!
|
|
|
0
|
|
|
|
Reply
|
Dragan
|
6/8/2005 4:17:54 PM
|
|
Dragan Cvetkovic wrote:
> Casper H.S. Dik <Casper.Dik@Sun.COM> writes:
>
>
>>SMC unfortuantely is broken in this respect because it does
>>key handling in Java.
>
>
> I would say that SMC is broken in many respects, but that's just IMHO. :-)
>
> Bye, Dragan
>
You beat me too it, Dragan :)
--
Coy Hile
hile@cse.psu.edu
|
|
|
0
|
|
|
|
Reply
|
Coy
|
6/8/2005 4:26:31 PM
|
|
But SMC has entertainment value. :-)
---Bob
|
|
|
0
|
|
|
|
Reply
|
palowoda
|
6/8/2005 7:55:40 PM
|
|
palowoda@gmail.com writes:
> But SMC has entertainment value. :-)
Agreed. For a peculiar definition of word 'entertainment' :-)
Dragan
--
Dragan Cvetkovic,
To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer
!!! Sender/From address is bogus. Use reply-to one !!!
|
|
|
0
|
|
|
|
Reply
|
Dragan
|
6/8/2005 7:58:51 PM
|
|
Dragan Cvetkovic wrote:
> palowoda@gmail.com writes:
>
>
>>But SMC has entertainment value. :-)
>
>
> Agreed. For a peculiar definition of word 'entertainment' :-)
>
> Dragan
>
I'm surprised that *anybody* would use that in a production
environment. Using the appropriate command-line tools or one's own
scripts (for ldap or nis or files) seems so much faster and more sane.
I don't have any experience with NIS+.
--
Coy Hile
hile@cse.psu.edu
|
|
|
0
|
|
|
|
Reply
|
Coy
|
6/8/2005 8:28:45 PM
|
|
Coy Hile <hile@cse.psu.edu> writes:
> Dragan Cvetkovic wrote:
>> palowoda@gmail.com writes:
>>
>>>But SMC has entertainment value. :-)
>> Agreed. For a peculiar definition of word 'entertainment' :-)
>> Dragan
>>
>
> I'm surprised that *anybody* would use that in a production environment.
> Using the appropriate command-line tools or one's own scripts (for ldap or
> nis or files) seems so much faster and more sane. I don't have any
> experience with NIS+.
I don't have (much) experience with NIS+, but try running smpatch on
Solaris 9 without having SMC installed. No joy. Maybe there is some deep
reason for all that I don't see, but I don't understand the need for SMC
and WBEM stuff. Neither for GNOME2, but I am old-fashioned.
Bye, Dragan
--
Dragan Cvetkovic,
To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer
!!! Sender/From address is bogus. Use reply-to one !!!
|
|
|
0
|
|
|
|
Reply
|
Dragan
|
6/8/2005 8:36:04 PM
|
|
|
8 Replies
568 Views
(page loaded in 0.075 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25710 articles. 
78 followers. 