SUMMARY: CDE Screenlock Not working after Solaris 9 Upgrade

From: <West.Daniel_at_epamail.epa.gov>
Date: Mon Jun 06 2005 - 10:49:32 EDT
I knew this was a strange problem when I didn't receive a single reply
to my question.  I finally stumbled across the cause of the CDE screen
lock failure.  It turned out to be the permissions on the /etc/pam.conf
file.  This file needs to have world read permission.  I'm surprised
that
this was the only problem that showed up because of the permissions on
the PAM configuration file.



Here is my original question:

**************************************************************************
I have a SunBlade 2000 system that I upgraded from Solaris 8 to Solaris
9.
I now have a strange problem that I can't find an answer to.  The CDE
screenlock does not work properly for a normal user.  When logging in as
root everything works fine.  Here are the symptoms:

  Click the CDE screen lock icon and it appears to work but if you just
  hit enter without entering a password the session resumes.  FYI: I get
  the same results calling /usr/dt/bin/dtaction LockDispay directly. It
  also starts filling the .dt/errorlog with the following entries:

    Mon Apr 25 17:00:59 2005
    dtsession: pam_start status = 4


    Mon Apr 25 17:00:59 2005
    dtsession: pam_start status = 4


  These entries will not stop until you logout of the CDE session.
  I thought it must be a PAM problem but I have tried numerous PAM
  configurations and nothing seems to help.  I have even tried the
  generic pam.conf from the Sun Blueprints "Extending Authentication
  in the Solaris 9 Operating Environment Using Pluggable Authentication
  Modules (PAM) Part I". Here is the dtsession section

    dtsession auth requisite pam_authtok_get.so.1
    dtsession auth required pam_unix_auth.so.1



I have the latest Solaris patch cluster and all of the latest CDE
patches.  I even did a reinstall of Solaris 9 which did not help.
I found a similar problem referenced by Sun's Bug ID 4115685 but it
is old and was related to NIS+ which we are not using.

I need to resolve this before I start upgrading our servers to Solaris 9
so any help would be greatly appreciated and of course I will summarize.

Thanks!



     _/_/_/      _/_/       _/     _/  Dan West - Senior Systems Analyst
    _/    _/    _/ _/      _/_/   _/   Computer Sciences Corporation
   _/     _/   _/  _/     _/ _/  _/    Contractor at EPA/ORD/NRMRL/GWERD
  _/     _/   _/_/ _/    _/  _/ _/
 _/     _/   _/    _/   _/   _/_/
_/_/_/_/    _/     _/  _/     _/
------------------------------------------------------------------------
  ** Disclaimer: Text reflects my opinions, not CSC's nor the EPA's. **
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon Jun 6 10:51:18 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:47 EST