OBSOLETE Patch-ID# 113476-13


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security plugin password hashing algorithm blowfish pam ldap
Synopsis: Obsoleted by: 112960-14 SunOS 5.9: usr/lib/passwdutil.so.1 pam_ldap Patch
Date: Apr/14/2004


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 114242

Topic: SunOS 5.9: usr/lib/passwdutil.so.1 pam_ldap Patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
419282414976333
424843014991642
435782715033608
439005315044908
465862515101844
466001915102238
467094715104853
467759115106215
468212015107078
468352215107404
470060215111319
470930015113607
474370715122748
474611415123422
474744115123814
475139415124992
475463415125999
475611315126396
476550615129205
476814015130134
477460715132194
479371915137997
480563515142235
483040615150065
487393915162814
487474915163012
487779615163918
488790615166914
489023315167626


Changes incorporated in this version: 4887906

Patches accumulated and obsoleted by this patch: 113152-01 113166-01

Patches which conflict with this patch:

Patches required with this patch: 112874-10 112960-03 (or greater)

Obsoleted by: 112960-14

Files included with this patch:

/usr/lib/libpam.so.1
/usr/lib/llib-lpasswdutil
/usr/lib/llib-lpasswdutil.ln
/usr/lib/passwdutil.so.1
/usr/lib/security/pam_authtok_check.so.1
/usr/lib/security/pam_authtok_get.so.1
/usr/lib/security/pam_authtok_store.so.1
/usr/lib/security/pam_dhkeys.so.1
/usr/lib/security/pam_ldap.so.1
/usr/lib/security/pam_passwd_auth.so.1
/usr/lib/security/pam_unix_account.so.1
/usr/lib/security/pam_unix_auth.so.1
/usr/lib/security/sparcv9/pam_authtok_check.so.1
/usr/lib/security/sparcv9/pam_authtok_get.so.1
/usr/lib/security/sparcv9/pam_authtok_store.so.1
/usr/lib/security/sparcv9/pam_dhkeys.so.1
/usr/lib/security/sparcv9/pam_ldap.so.1
/usr/lib/security/sparcv9/pam_passwd_auth.so.1
/usr/lib/security/sparcv9/pam_unix_account.so.1
/usr/lib/security/sparcv9/pam_unix_auth.so.1
/usr/lib/sparcv9/libpam.so.1
/usr/lib/sparcv9/llib-lpasswdutil.ln
/usr/lib/sparcv9/passwdutil.so.1

Problem Description:

4887906 pam_sm_chauthtok() returns 13 (PAM_USER_UNKNOWN) if lastchg=0 for local users
 
(from 113476-12)
 
4890233 using 'use_first_pass' for pam_ldap does not work
 
(from 113476-11)
 
4746114 libpam internationalized messages are off by 1 for locale != C
4793719 pam_authtok_check.so.1::circ() too space-conservative
4805635 root may change enduser password in NIS+ without entering its own password
4877796 passwd (passwdutil) inadvertently resets aging information
 
(from 113476-10)
 
4873939 pam and compat does not work after applying patch 108993-18
 
(from 113476-09)
 
4874749 passwd -x modifies the lastchg field also in /etc/shadow file
 
(from 113476-08)
 
4765506 NIS+ password problems with Solaris 9
4768140 passwd core dumps when changing shell
 
(from 113476-07)
 
4774607 pam_ldap gets confused when root tries to change user's password
 
(from 113476-06)
 
4830406 passwdutil is too dumb to handle NIS+ subdomains correctly
 
(from 113476-05)
 
4743707 non-default nsswitch backends confuse passwdutil.so.1
4747441 pam_authtok_store does not map all the PWU errors to PAM errors
4751394 non decisive modules should not return PAM_SUCCESS
4754634 passwd command seg faults when updating user can't be authenticated to LDAP
 
(from 113476-04)
 
4756113 libc version number is incorrect in s9u2
 
(from 113476-03)
 
4709300 passwd fails if the pam_authtok_store service was specified with server_policy
 
(from 113476-02)
 
4670947 logins failing when NIS is backend for authentication
 
(from 113476-01)
 
        This patch revision was generated to accumulate and obsolete
        the changes introduced in Solaris Update: s9u2
        feature point patches: 113152-01 113166-01
 
(from 113152-01)
 
4357827 pam_ldap should fully support password aging
4677591 implement PSARC/2002/241 - PAM binding control flag
4660019 nss_ldap.so may return non '-1' values for getspnam()
4682120 get/set_item conversation function tracing needs improvement.
4658625 pam_framework doesn't trace pam_chauthtok PAM_TRY_AGAIN return.
4683522 pam_get_data tracing could improve.
 
(from 113166-01)
 
4390053 crypt(3c) needs to interoperate with *BSD and Linux
4248430 RFE: NIS+ should support alternate encryption algorithms for the user
4192824 newkey/chkey should use a configurable crypt() to encrypt the users p
4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21


Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
NOTE 1: To get the complete Flexible Crypt feature, please install the
        following patches:
 
        112874-06       (or newer)      libc
        113475-01       (or newer)      libsecurity crypt
        113480-01       (or newer)      pam_unix Patch
        113481-01       (or newer)      nispasswdd
        113482-01       (or newer)      sbin/sulogin
        113483-01       (or newer)      rpc.ypasswdd
 
NOTE2:  To get the complete fix for the bug 4765506, please install
        the following patch in addition to this patch:
 
        113319-14       (or newer)      rpc.nispasswdd


NOTE: The list of 'patches required with this patch' (above) has been
modified from the list specified at patch creation time. The reason for
the modification is that one or more of the required patches was
either never released or withdrawn after its release. The following
substitutions (which are guaranteed to satisfy the original requirements)
were therefore made:

112874-10 replaces 112874-06




README -- Last modified date: Friday, November 9, 2012