SUMMARY: SunSHIELD - experiences sought

From: Adrian Booth Computing Consultants (abcc@DIALix.oz.au)
Date: Mon Nov 09 1992 - 02:06:00 CST


I had three replies to my query about SunSHIELD - two reporting problems,
and one (from a Sun SSE) who said he had "no real problems".

Some of the problems that were reported are:

- It installs off the CD-ROM without execute permission on the binaries
(have you ever tried to boot a Sun that can't execute init?)

- When installed with C2 auditing turned on, C2 ignores all of the auditing
flags and audits everything...

- If you have /etc/resolv.conf (DNS) and ARM authenticates your hosts via
lookup to the nameservers, then *all* of the nameservers in resolv.conf are
checked. If one of them is down, ARM will NOT authenticate you, and you will
NOT be able to login. Sun's solution: never let your nameservers go down. Never.

- Invalid login attempts are logged in cleartext. ARM does not tell you when
you run out of invalid login attempts.

- If the armd_transact file gets over around 100K in size, armd goes berserk,
chewing up wads of CPU time and not authenticating. Sun's solution: move the
transaction file and send a SIGHUP to rpc.armd.

You also need to install 2 patches to use it - 100632 and 100653. These
patches may fix some or all of the above problems.

I had replies to my post from the following:

Lynton Willson <lwillson@laurel.ocs.mq.edu.au>
        (from whose reply most of this posting is shamelessly plagiarised)
John Pipkins <jp@poseur.jpl.nasa.gov>
Jerry M. Carlin <jmcarli@srv.pacbell.com>

Thanks all. I have kept these replies; email me if you would like a copy.

 --------------------------------------------------------------------------
 | Adrian Booth | |
 | Adrian Booth Computing Consultants | Ph: (09) 354 4936 |
 | 7 Glenrowan Pl., Willetton WA 6155 | abcc@DIALix.oz.au |
 | AUSTRALIA | |
 --------------------------------------------------------------------------
for a in past present future; do
        for b in clients employers associates relatives neighbours pets; do
echo The opinions in this article in no way reflect the opinions of my $a $b.
done;done
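
The workaround reported above for an oversized armd_transact file (move it aside, then send SIGHUP to rpc.armd), written as a cron-style check. This is an added example, not part of the original post or of Sun's tooling; the file path and the rpc.armd PID are supplied by the caller, and the 102400-byte default for "around 100K" is an assumption.

```shell
#!/bin/sh
# Added example: rotate the ARM transaction file before it reaches the size
# at which, per the post, armd stops authenticating.
# ARMD_FILE, ARMD_PID and ARMD_LIMIT are hypothetical names chosen here.

# size_bytes FILE -> prints the size in bytes, or 0 if FILE does not exist.
size_bytes() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# rotate_transact FILE LIMIT_BYTES PID
# Returns 0 and prints the archived name if FILE was rotated,
# 1 if FILE is still under LIMIT_BYTES, 2 if the move or the signal failed.
rotate_transact() {
    file=$1
    limit=$2
    pid=$3
    size=$(size_bytes "$file")
    [ "$size" -ge "$limit" ] || return 1

    # Keep the old transactions for audit instead of deleting them.
    stamp=$(date +%Y%m%d%H%M%S)
    mv "$file" "$file.$stamp" || return 2

    # The post gives only "send a SIGHUP to rpc.armd"; a failure here means
    # the daemon is not running under that PID and needs attention.
    kill -HUP "$pid" 2>/dev/null || return 2
    echo "$file.$stamp"
}

# Run only when the caller has supplied both the file and the daemon PID.
if [ -n "${ARMD_FILE:-}" ] && [ -n "${ARMD_PID:-}" ]; then
    rotate_transact "$ARMD_FILE" "${ARMD_LIMIT:-102400}" "$ARMD_PID"
fi
```

Exit status 2 is the case to alert on: the file has been moved but the daemon was not signalled, so logins may still be failing.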


