07-05-2010
You never know with so called "tests". However, on newer machines, if a root account is present (which it does NOT have to be on newer Solaris, and such will be the case with Solaris 11), often times a password IS required or the account is not valid. So.. not sure what the test is looking for. In the old days, clearing out the root password was the easy way to break into a box for which the root password had been forgotten. You simply mounted up the filesystem (different box, or same box with a bootable CD) and took at the password hash for root. But on some newer OS's, non existent passwords are not allowed... well, they are allowed but the result is a locked account.... I'd have to google around to see what Solaris does now... but who knows what the "test" is looking for.
In OpenSolaris and future Solaris 11, root becomes a role and NOT an account by default... but it can easily be added for compatibility with the plethora of sw, etc. that still needs a root account.
10 More Discussions You Might Find Interesting
1. Solaris
Hello All,
I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies
2. Debian
hello friends,
one user is created named "user1"
I login as "user1" . Now when i do "su -" to be root user I have to give password for root .
Is there any way through which we can skip giving the password to root.
i.e.
user1@work:~$ su -
Password: xxxxxx
work:~$
I don't want that... (1 Reply)
Discussion started by: pradeepreddy
1 Replies
3. Solaris
I'm fairly inexperienced with LDAP and DSEE so to build my skills I installed directory server in the global zone of my Sol 10/u7 machine and created a zone to use as a client. For some reason when I try to change a users password as root (in the client zone) with passwd -r ldap I am prompted for... (1 Reply)
Discussion started by: ilikecows
1 Replies
4. Solaris
Hi All
Hope it's okay to post on this sub-forum, couldn't find a better place
I've got a 480R running solaris 8 with veritas volume manager managing all filesystems, including an encapsulated root disk (I believe the root disk is encapsulated as one of the root mirror disks has an entry under... (1 Reply)
Discussion started by: sunnyd76
1 Replies
5. UNIX for Dummies Questions & Answers
I've been through many threads before i decide to create a separate thread.
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to... (1 Reply)
Discussion started by: canar
1 Replies
6. Shell Programming and Scripting
i want to change user to "root" from another user while running a script. how can i automatically feed the password? for example, i want to write a script say "script.sh"... it will first run the command "p" as mhmn user, and then it will change the user to "root" by using "su - root" command. at... (1 Reply)
Discussion started by: mhmn
1 Replies
7. Shell Programming and Scripting
Can someone help in writing some script through which I can transfer file (scp) from root user in abc server to crt user in hfg server and can give the crt user password in script itself so that it doesn't prompt me every time for password (4 Replies)
Discussion started by: Moon1234
4 Replies
8. UNIX for Dummies Questions & Answers
Hi,
I tired changing password for mqm user in linux server with root user.
But still I couldn't able to login mqm user with changed password.
Can anyone please help on this.
# passwd mqm
Thanks,
Anusha (4 Replies)
Discussion started by: Anusha M
4 Replies
9. UNIX for Advanced & Expert Users
Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh
-------------------
But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies
10. UNIX for Beginners Questions & Answers
Hi,
We have two LDAP servers. Whenever we get a ticket to reset the password, we login to LDAP primary server and reset the password. For below example, I logged into primary LDAP server and resetting password to john to Welcome123#
We are giving this work to tier-1 team, so that they can reset... (1 Reply)
Discussion started by: ron323232
1 Replies
LEARN ABOUT NETBSD
pam_ksu
PAM_KSU(8) BSD System Manager's Manual PAM_KSU(8)
NAME
pam_ksu -- Kerberos 5 SU PAM module
SYNOPSIS
[service-name] module-type control-flag pam_ksu [options]
DESCRIPTION
The Kerberos 5 SU authentication service module for PAM provides functionality for only one PAM category: authentication. In terms of the
module-type parameter, this is the ``auth'' feature. The module is specifically designed to be used with the su(1) utility.
Kerberos 5 SU Authentication Module
The Kerberos 5 SU authentication component provides functions to verify the identity of a user (pam_sm_authenticate()), and determine whether
or not the user is authorized to obtain the privileges of the target account. If the target account is ``root'', then the Kerberos 5 princi-
pal used for authentication and authorization will be the ``root'' instance of the current user, e.g. ``user/root@REAL.M''. Otherwise, the
principal will simply be the current user's default principal, e.g. ``user@REAL.M''.
The user is prompted for a password if necessary. Authorization is performed by comparing the Kerberos 5 principal with those listed in the
.k5login file in the target account's home directory (e.g. /root/.k5login for root).
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
use_first_pass If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password
is used to authenticate the user. If this fails, the authentication module returns failure without prompting the user for a
password. This option has no effect if the authentication module is the first in the stack, or if no previous modules
obtained the user's password.
try_first_pass This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is
prompted for another password.
SEE ALSO
su(1), syslog(3), pam.conf(5), pam(8)
BSD
May 15, 2002 BSD