Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Annoying Solaris/CDE/NIS+ bug
From: myers () VERIO NET (Allen Myers - Verio Consulting Group)
Date: Wed, 14 Oct 1998 13:43:45 -0700


]       [On Oct 13, Frank Cusack wrote:]
]        Subject: Re: Annoying Solaris/CDE/NIS+ bug
] dbell <dbell () BWAY NET> writes:
]
] > I didn't see this, or anything similar to it in the archives, but please
] > forgive me if it's well known:
] >
] > If a Solaris 2.6 host is a NIS+ client, and any user other than root is
] > running CDE at the console, CDE's screen locking feature does not work.
] > Any random string is sufficient to unlock to console. Obviously, this is
]
] The bug has nothing to do with NIS+. The CDE screenlocker (dtsession)
] accepts either the user's password or the root password to unlock
] the screen.

Not true. I've seen this at several sites (and root's password was
_definitely_ not empty). Here's the first paragraph from Sun's bug
report...

------------------------ 8< ------------------------------------------
Bug Id: 4115685
Category: cde
Subcategory: screenlock
State: integrated
Synopsis: CDE screen lock not working properly for nis+ users
Description:
login in as a nis+ user, using lock from CDE front panel, screen locks
but at the prompt any password, even no password unlocks the screen.
root user doesn't have this problem.  Xlock doesnot have this problem.
multiple machines have the same problem.  all the recommended patches
are installed, problem happens even for newly defined users.
------------------------ 8< ------------------------------------------

]
] When root doesn't have a password, it accepts anything. A bug? hardly.
] Install a root password.

see above ...

]
] [...]
]
] --
] Frank Cusack       + Today's Haiku   No keyboard present
] Icon CMT Corp.     + error message:  Hit F1 to continue
] PGP: C001AA75      +                 Zen engineering?
]-- End of excerpt from <fcusack () ICONNET NET>



--

- Allen

                 V E R I O  Consulting Group
_____________________________________________________________________

Allen Myers . Chief Technology Officer              url: socal.verio.net
e: myers () verio net                                    t: 800/273.5600
8001 Irvine Center Drive                              t: 949/450.8400
Suite 1200                                            f: 949/450.8410
Irvine, CA 92618-2934              24 hour Tech Support: 888/306.4638
_____________________________________________________________________

Black holes are where God divided by zero.



  By Date           By Thread  

Current thread:
  • Re: Annoying Solaris/CDE/NIS+ bug Allen Myers - Verio Consulting Group (Oct 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault