I had three replies to my query about SunSHIELD - two reporting problems,
and one (from a Sun SSE) who said he had "no real problems".

Some of the problems that were reported are:

- It installs off the CD-ROM without execute permission on the binaries
  (have you ever tried to boot a Sun that can't execute init?)
- When installed with C2 auditing turned on, C2 ignores all of the auditing
  flags and audits everything...
- If you have /etc/resolv.conf (DNS) and ARM authenticates your hosts via
  lookup to the nameservers, then *all* of the nameservers in resolv.conf are
  checked. If one of them is down, ARM will NOT authenticate you, and you will
  NOT be able to log in. Sun's solution: never let your nameservers go down.
  Never.
- Invalid login attempts are logged in cleartext. ARM does not tell you when
  you run out of invalid login attempts.
- If the armd_transact file gets over around 100K in size, armd goes berserk,
  chewing up wads of CPU time and not authenticating. Sun's solution: move the
  transaction file and send a SIGHUP to rpc.armd.

You also need to install 2 patches to use it - 100632 and 100653. These
patches may fix some or all of the above problems.

I had replies to my post from the following:

  Lynton Willson <lwillson@laurel.ocs.mq.edu.au>
    (from whose reply most of this posting is shamelessly plagiarised)
  John Pipkins <jp@poseur.jpl.nasa.gov>
  Jerry M. Carlin <jmcarli@srv.pacbell.com>

Thanks all. I have kept these replies; email me if you would like a copy.

--------------------------------------------------------------------------
| Adrian Booth                          |                                |
| Adrian Booth Computing Consultants    | Ph: (09) 354 4936              |
| 7 Glenrowan Pl., Willetton WA 6155    | abcc@DIALix.oz.au              |
| AUSTRALIA                             |                                |
--------------------------------------------------------------------------
for a in past present future; do
for b in clients employers associates relatives neighbours pets; do
echo The opinions in this article in no way reflect the opinions of my $a $b.
done;done
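
The workaround reported above for the oversized armd_transact file (move it aside, then send SIGHUP to rpc.armd), written as a size check that could run from cron. This is an added example, not part of the original post or of Sun's tooling; the file path is a placeholder, and the 102400-byte limit, the function names and the use of pgrep are assumptions.

```shell
#!/bin/sh
# Added example: size check for the ARM transaction file, then the reported
# workaround (move the file aside, SIGHUP the daemon).
# ASSUMPTION: the path below is a placeholder; the post does not give one.
ARM_TRANSACT="${ARM_TRANSACT:-/PLACEHOLDER/path/to/armd_transact}"
ARM_LIMIT="${ARM_LIMIT:-102400}"       # "around 100K" in the post, as bytes
ARM_DAEMON="${ARM_DAEMON:-rpc.armd}"   # daemon name as given in the post

# Print the size of FILE in bytes, or 0 when it does not exist.
file_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# rotate_transact FILE LIMIT PID
# Returns 0 and prints the archived name after rotating and signalling,
# 1 when FILE is within LIMIT, 2 when the move fails, 3 when SIGHUP fails.
rotate_transact() {
    rt_file=$1; rt_limit=$2; rt_pid=$3
    rt_size=$(file_size "$rt_file")
    [ "$rt_size" -gt "$rt_limit" ] || return 1
    rt_saved="$rt_file.$(date +%Y%m%d%H%M%S)"
    mv "$rt_file" "$rt_saved" || return 2
    # Keep the archived copy owner-only: the post says invalid login attempts
    # are logged in cleartext (whether in this file is not stated).
    chmod 600 "$rt_saved"
    echo "$rt_saved"
    kill -HUP "$rt_pid" 2>/dev/null || return 3
}

# Look up the daemon and apply the check. pgrep is assumed to be available.
arm_watch() {
    aw_pid=$(pgrep -x "$ARM_DAEMON" | head -n 1)
    if [ -z "$aw_pid" ]; then
        echo "$ARM_DAEMON is not running" >&2
        return 3
    fi
    rotate_transact "$ARM_TRANSACT" "$ARM_LIMIT" "$aw_pid"
}

# Run only when asked to, e.g. from cron: sh arm_rotate.sh --run
if [ "${1:-}" = "--run" ]; then
    arm_watch
fi
```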