In <janet.713781109@dunnart> email@example.com (that's me) asked about this.
If you want to refresh your memory, I've quoted my original article below.
Out of the 4 people who replied (thanks, people!) two didn't seem to know
and two said no.
Ian Angles <firstname.lastname@example.org> said:
> Basically, NO!. I did this with a few kernels, then wondered why it locked
> Sun explained to me as thus - login etc., call the routines in the kernel
> which are just stubs if you don't have SYSAUDIT enabled. When you do have
> SYSAUDIT enabled the kernel routines try and call things like the audit
> deamon and write to audit filesystems, which you probably won't have if
> you're only running shadow passwords.
Also, about the auditing UIDs (see below), Tim Ramsey <email@example.com>
> You only need the auditing UIDs if you are using the C2 jumbo patch.
which I am.
Department of Computer Science
The University of Western Australia
----------- My original article -----------
[This is for SunOS 4.1.1 on Sparcstations and Sun-4 servers.]
If I want to do Sun password shadowing without doing any of the C2 auditing,
do I need to build a kernel with the SYSAUDIT option enabled?
I already tried to convert to password shadowing but it didn't work because
(I'm told) I didn't create the auditing UIDs AUpwdauthd and AUyppasswdd.
I didn't think I'd need them, but according to various people, I do.
So maybe I need SYSAUDIT as well.
PLEASE REPLY BY EMAIL and I'll summarise.
My current kernel config file contains:
# The following options are for accounting and auditing. SYSAUDIT
# should be removed unless you are using the C2 security features.
options SYSACCT # process accounting, see acct(2) & sa(8)
#options SYSAUDIT # C2 auditing for security
----------- End of original article -------
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:48 CDT