OBSOLETE Patch-ID# 138874-05


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security idsconfig indexing nss_ldap getbymember nss_success nss_dbop_group_bymember core ldap_cachemgr hang password native dsconf pwd-strong-check-enabled nscd nsswitch nss foreign backends
Synopsis: Obsoleted by: 141030-04 SunOS 5.10: Native LDAP, PAM, name-service-switch patch
Date: Aug/17/2009


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reboot is performed. Unless
otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 138875

Topic: SunOS 5.10: Native LDAP, PAM, name-service-switch patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
462216615092882
479676615139071
490460315172125
632951615289166
649351315361194
650937415369712
653754915385840
656124915399234
658019215409663
658535015412503
661569315430011
663334715440652
663622815442403
664407715447183
666938615461585
667754715466241
669925015479049
671517115487762
671584315488224
673728415501488
674038215503472
674047415503522
674130515504041
677489515524694
679737815537409
680595915542352
683217015557591
684418615564844


Changes incorporated in this version: 6805959

Patches accumulated and obsoleted by this patch: 138046-02 138263-03 139504-01 139568-01 139935-01 139948-01 140144-01 140146-01 140165-01 140167-01 140391-03

Patches which conflict with this patch:

Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 (or greater)

Obsoleted by: 141030-04

Files included with this patch:

/lib/nss_dns.so.1
/lib/nss_nisplus.so.1
/lib/sparcv9/nss_dns.so.1
/lib/sparcv9/nss_nisplus.so.1
/usr/bin/passwd
/usr/lib/ldap/idsconfig
/usr/lib/ldap/ldap_cachemgr
/usr/lib/libsldap.so.1
/usr/lib/llib-lpasswdutil.ln
/usr/lib/nss_ldap.so.1
/usr/lib/passwdutil.so.1
/usr/lib/security/pam_authtok_check.so.1
/usr/lib/security/pam_authtok_get.so.1
/usr/lib/security/pam_authtok_store.so.1
/usr/lib/security/pam_dhkeys.so.1
/usr/lib/security/pam_ldap.so.1
/usr/lib/security/pam_passwd_auth.so.1
/usr/lib/security/pam_unix_account.so.1
/usr/lib/security/pam_unix_auth.so.1
/usr/lib/security/sparcv9/pam_authtok_check.so.1
/usr/lib/security/sparcv9/pam_authtok_get.so.1
/usr/lib/security/sparcv9/pam_authtok_store.so.1
/usr/lib/security/sparcv9/pam_dhkeys.so.1
/usr/lib/security/sparcv9/pam_ldap.so.1
/usr/lib/security/sparcv9/pam_passwd_auth.so.1
/usr/lib/security/sparcv9/pam_unix_account.so.1
/usr/lib/security/sparcv9/pam_unix_auth.so.1
/usr/lib/sparcv9/libsldap.so.1
/usr/lib/sparcv9/llib-lpasswdutil.ln
/usr/lib/sparcv9/nss_ldap.so.1
/usr/lib/sparcv9/passwdutil.so.1
/usr/sbin/ldapaddent
/usr/sbin/ldapclient
/usr/sbin/nscd

Problem Description:

6805959 per-user nscd doesn't reap child processes after these exited, such child processes remain as zombies
 
(from 138874-04)
 
4904603 disable ldaplist to not show userpassword attribute or just user logged in
6615693 nscd only checks the file_dac_read check privilege and not the euid for access to the shadow file
6832170 Compat behavior change on Sol 10u6 10/08, no longer adheres to the use of *LK* in the /etc/shadow
 
(from 138874-03)
 
4622166 ldapaddent does not escape some special characters in DN for exec_attr, services and tnrhtp database
6844186 fix for 6715843 incomplete in Solaris 10 patch gate
 
(from 138874-02)
 
4796766 idsconfig and ldapaddent should support project database
6329516 unlimited password guesses allowed
6509374 idsconfig doesn't create container for projects
6580192 nss_ldap: __ns_ldap_endEntry() called twice by top_down_search()
6677547 Native LDAP client to disable vlv searches for netgroups
6715171 nss_ldap and passwdutil do not support all shadowAccount attributes
6715843 ldapaddent is not accepting a one character entry for the tnrhtp file
6797378 'ldapaddent -d passwd' does not print 'x' for the password field
 
(from 138874-01)
 
6561249 idsconfig prints out incorrect information for VLV indexing when run against DS5.2 & 6.0
 
(from 139935-01)
 
        This revision accumulates generic Sustaining patch 139568-01
        into Solaris S10U7 update.
 
(from 139568-01)
 
6585350 nss_nisplus: getbymember() does not follow NSS_DBOP_GROUP_BYMEMBER protocol
6669386 nss_ldap getbymember always returns NSS_SUCCESS
 
(from 139948-01)
 
        This revision accumulates generic Sustaining patch 139504-01
        into Solaris S10U7 update.
 
(from 139504-01)
 
6493513 changing password (in files repository) dumps core when libumem is in effect
 
(from 140165-01)
 
        This revision accumulates generic Sustaining patch 140144-01
        into Solaris S10U7 update.
 
(from 140144-01)
 
6774895 Solaris 10 ldap_cachemgr hang
 
(from 140167-01)
 
        This revision accumulates generic Sustaining patch 140146-01
        into Solaris S10U7 update.
 
(from 140146-01)
 
6740474 confusing 'password too short' message from Native LDAP
 
(from 140391-03)
 
6699250 nscd core dumps in NIS do_getent
6741305 nscd core file genererated during storage pool reconfig
 
(from 140391-02)
 
6633347 nscd (sparks) can give inconsistent name resolution if started without a resolv.conf file
 
(from 140391-01)
 
        This revision accumulates generic Sustaining patch 138263-03
        into Solaris S10U7 update.
 
(from 138263-03)
 
6737284 nscd does not return NSS_TRYLOCAL for foreign NSS backends for enumerated searches when using compat
6740382 nscd needs improved permission checking
 
(from 138263-02)
 
        This revision accumulates generic Sustaining patch 138046-02
        into Solaris S10U6 update.
 
(from 138263-01)
 
        This revision accumulates generic Sustaining patch 138046-01
        into Solaris S10U6 update.
 
(from 138046-02)
 
6537549 nscd dies with SIGPIPE
 
(from 138046-01)
 
6636228 foreign NSS backends, nscd does not return NSS_TRYLOCAL when processing getgroupsbymember
6644077 nscd rejects foreign nsswitch backends


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' scripts provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  Before installing this patch, please be sure to install the latest
         patch utilities patches for your OS. This list of patches is defined
         at http://sunsolve.sun.com
 
         Please use the pull down list which appears after the text:
         "Latest Patch Update: To ensure the correct functioning of the
         patching utilities on your system, stay up to date on the
         following patches"


README -- Last modified date: Saturday, November 10, 2012