In <janet.713781109@dunnart> janet@cs.uwa.oz.au (that's me) asked about this.
If you want to refresh your memory, I've quoted my original article below.
Out of the 4 people who replied (thanks, people!) two didn't seem to know
and two said no.
Ian Angles <ia@st-andrews.ac.uk> said:
> Basically, NO!. I did this with a few kernels, then wondered why it locked
> up.
> Sun explained to me as thus - login etc., call the routines in the kernel
> which are just stubs if you don't have SYSAUDIT enabled. When you do have
> SYSAUDIT enabled the kernel routines try and call things like the audit
> deamon and write to audit filesystems, which you probably won't have if
> you're only running shadow passwords.
Also, about the auditing UIDs (see below), Tim Ramsey <tar@math.ksu.edu>
said:
> You only need the auditing UIDs if you are using the C2 jumbo patch.
which I am.
Janet Jackson
<janet@cs.uwa.edu.au>
Systems Administrator
Department of Computer Science
The University of Western Australia
----------- My original article -----------
[This is for SunOS 4.1.1 on Sparcstations and Sun-4 servers.]
If I want to do Sun password shadowing without doing any of the C2 auditing,
do I need to build a kernel with the SYSAUDIT option enabled?
I already tried to convert to password shadowing but it didn't work because
(I'm told) I didn't create the auditing UIDs AUpwdauthd and AUyppasswdd.
I didn't think I'd need them, but according to various people, I do.
So maybe I need SYSAUDIT as well.
PLEASE REPLY BY EMAIL and I'll summarise.
My current kernel config file contains:
#
# The following options are for accounting and auditing. SYSAUDIT
# should be removed unless you are using the C2 security features.
#
options SYSACCT # process accounting, see acct(2) & sa(8)
#options SYSAUDIT # C2 auditing for security
----------- End of original article -------
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:48 CDT