OBSOLETE Patch-ID# 141030-10

Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.

For further information on patching best practices and resources, please see the following links:

Keywords: security passwdutil iig idsconfig indexing nss_ldap getbymember _success _dbop_group_bymember core ldap_cachemgr hang password native dsconf passwd nisplus corruption nisd udp
Synopsis: Obsoleted by: 142436-04 SunOS 5.10: passwd patch
Date: Mar/24/2010

Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reboot is performed. Unless
otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 141031

Topic: SunOS 5.10: passwd patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR #	Bug #
4300326	15009963
4622166	15092882
4796766	15139071
4904603	15172125
6225117	15247587
6329516	15289166
6466160	15348463
6493513	15361194
6509374	15369712
6537549	15385840
6561249	15399234
6563443	15400475
6580192	15409663
6585350	15412503
6615693	15430011
6619071	15432127
6626381	15436456
6633347	15440652
6636228	15442403
6644077	15447183
6669386	15461585
6677547	15466241
6699250	15479049
6715171	15487762
6715843	15488224
6737284	15501488
6740382	15503472
6740474	15503522
6741305	15504041
6774895	15524694
6793742	15535321
6797378	15537409
6805959	15542352
6810407	15544894
6832170	15557591
6839693	15562104
6842419	15563716
6844186	15564844
6856084	15572943
6863709	15577833
6864296	15578101
6890468	15595828
6895515	15599442
6901652	15603848

Changes incorporated in this version: 6619071

Patches accumulated and obsoleted by this patch: 122085-01 138046-02 138263-03 138874-05 139504-01 139568-01 139935-01 139948-01 140144-01 140146-01 140165-01 140167-01 140391-03 140917-02 141022-02 141542-01

Patches which conflict with this patch:

Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 139555-08 (or greater)

Obsoleted by: 142436-04

Files included with this patch:

/lib/libnsl.so.1
/lib/llib-lnsl
/lib/llib-lnsl.ln
/lib/nss_dns.so.1
/lib/nss_nisplus.so.1
/lib/sparcv9/libnsl.so.1
/lib/sparcv9/llib-lnsl.ln
/lib/sparcv9/nss_dns.so.1
/lib/sparcv9/nss_nisplus.so.1
/usr/bin/chkey
/usr/bin/nisaddcred
/usr/bin/passwd
/usr/include/rpcsvc/nispasswd.h
/usr/include/rpcsvc/nispasswd.x
/usr/lib/ldap/idsconfig
/usr/lib/ldap/ldap_cachemgr
/usr/lib/libsldap.so.1
/usr/lib/llib-lpasswdutil.ln
/usr/lib/nss_ldap.so.1
/usr/lib/passwdutil.so.1
/usr/lib/security/pam_authtok_check.so.1
/usr/lib/security/pam_authtok_get.so.1
/usr/lib/security/pam_authtok_store.so.1
/usr/lib/security/pam_dhkeys.so.1
/usr/lib/security/pam_ldap.so.1
/usr/lib/security/pam_passwd_auth.so.1
/usr/lib/security/pam_unix_account.so.1
/usr/lib/security/pam_unix_auth.so.1
/usr/lib/security/sparcv9/pam_authtok_check.so.1
/usr/lib/security/sparcv9/pam_authtok_get.so.1
/usr/lib/security/sparcv9/pam_authtok_store.so.1
/usr/lib/security/sparcv9/pam_dhkeys.so.1
/usr/lib/security/sparcv9/pam_ldap.so.1
/usr/lib/security/sparcv9/pam_passwd_auth.so.1
/usr/lib/security/sparcv9/pam_unix_account.so.1
/usr/lib/security/sparcv9/pam_unix_auth.so.1
/usr/lib/sparcv9/libsldap.so.1
/usr/lib/sparcv9/llib-lpasswdutil.ln
/usr/lib/sparcv9/nss_ldap.so.1
/usr/lib/sparcv9/passwdutil.so.1
/usr/sbin/ldapaddent
/usr/sbin/ldapclient
/usr/sbin/newkey
/usr/sbin/nscd
/usr/sbin/rpc.nisd
/usr/sbin/rpc.nispasswdd

Problem Description:

6619071 when LDAP config'd w/ mult. auth. methods, nscd keeps creating connections if 1st auth. method fails
 
(from 141030-09)
 
6895515 nscd aborting in libumem
 
(from 141030-08)
 
6810407 schema defined in idsconfig.sh is not strictly compliant with RFC 4512 Syntax
6842419 idsconfig(1M) fails to set up an LDAP server a second time
6890468 idsconfig must support DS 7.x
6901652 nscd could better handle running out of naming enumeration contexts
 
(from 141030-07)
 
6863709 nscd dumps core after receiving SIGHUP
 
(from 141030-06)
 
6856084 Sparks DNS backend should return canonical name before aliases
6864296 private __res_ndestroy interface may now be removed from dns_common.c
 
(from 141030-05)
 
6563443 nisaddcred and chkey have issues in md5 password encryption with passwords > eight characters
6839693 ldapclient init w/profile with more than 16 objectClassMaps core dumped on Solaris 10 x86
 
(from 141030-04)
 
	This revision accumulates generic Sustaining patch 138874-05
        into Solaris S10U8 update.
 
(from 141030-03)
 
	This revision accumulates generic Sustaining patch 138874-04
        into Solaris S10U8 update.
 
(from 141030-02)
 
	This revision accumulates generic Sustaining patch 138874-03
        into Solaris S10U8 update.
 
(from 141030-01)
 
	This revision accumulates generic Sustaining patch 138874-02
        into Solaris S10U8 update.
 
(from 138874-05)
 
6805959 per-user nscd doesn't reap child processes after these exited, such child processes remain as zombies
 
(from 138874-04)
 
4904603 disable ldaplist to not show userpassword attribute or just user logged in
6615693 nscd only checks the file_dac_read check privilege and not the euid for access to the shadow file
6832170 Compat behavior change on Sol 10u6 10/08, no longer adheres to the use of *LK* in the /etc/shadow
 
(from 138874-03)
 
4622166 ldapaddent does not escape some special characters in DN for exec_attr, services and tnrhtp database
6844186 fix for 6715843 incomplete in Solaris 10 patch gate
 
(from 138874-02)
 
4796766 idsconfig and ldapaddent should support project database
6329516 unlimited password guesses allowed
6509374 idsconfig doesn't create container for projects
6580192 nss_ldap: __ns_ldap_endEntry() called twice by top_down_search()
6677547 Native LDAP client to disable vlv searches for netgroups
6715171 nss_ldap and passwdutil do not support all shadowAccount attributes
6715843 ldapaddent is not accepting a one character entry for the tnrhtp file
6797378 'ldapaddent -d passwd' does not print 'x' for the password field
 
(from 138874-01)
 
6561249 idsconfig prints out incorrect information for VLV indexing when run against DS5.2 & 6.0
 
(from 139935-01)
 
        This revision accumulates generic Sustaining patch 139568-01
        into Solaris S10U7 update.
 
(from 139568-01)
 
6585350 nss_nisplus: getbymember() does not follow NSS_DBOP_GROUP_BYMEMBER protocol
6669386 nss_ldap getbymember always returns NSS_SUCCESS
 
(from 139948-01)
 
        This revision accumulates generic Sustaining patch 139504-01
        into Solaris S10U7 update.
 
(from 139504-01)
 
6493513 changing password (in files repository) dumps core when libumem is in effect
 
(from 140165-01)
 
        This revision accumulates generic Sustaining patch 140144-01
        into Solaris S10U7 update.
 
(from 140144-01)
 
6774895 Solaris 10 ldap_cachemgr hang
 
(from 140167-01)
 
        This revision accumulates generic Sustaining patch 140146-01
        into Solaris S10U7 update.
 
(from 140146-01)
 
6740474 confusing 'password too short' message from Native LDAP
 
(from 140391-03)
 
6699250 nscd core dumps in NIS do_getent
6741305 nscd core file generated during storage pool reconfig
 
(from 140391-02)
 
6633347 nscd (sparks) can give inconsistent name resolution if started without a resolv.conf file
 
(from 140391-01)
 
        This revision accumulates generic Sustaining patch 138263-03
        into Solaris S10U7 update.
 
(from 138263-03)
 
6737284 nscd does not return NSS_TRYLOCAL for foreign NSS backends for enumerated searches when using compat
6740382 nscd needs improved permission checking
 
(from 138263-02)
 
        This revision accumulates generic Sustaining patch 138046-02
        into Solaris S10U6 update.
 
(from 138263-01)
 
        This revision accumulates generic Sustaining patch 138046-01
        into Solaris S10U6 update.
 
(from 138046-02)
 
6537549 nscd dies with SIGPIPE
 
(from 138046-01)
 
6636228 foreign NSS backends, nscd does not return NSS_TRYLOCAL when processing getgroupsbymember
6644077 nscd rejects foreign nsswitch backends
 
(from 122085-01)
 
6225117 passwd -r nisplus -e username will corrupt the user's passwd
 
(from 141022-02)
 
	his revision accumulates generic Sustaining  patch 140917-02
	into Solaris S10U8 update.
 
(from 141022-01)
 
	This revision accumulates generic Sustaining  patch 140917-01
	into Solaris S10U8 update.
 
(from 140917-02)
 
6793742 libnsl memory leak with "dail()" function call in strsave
 
(from 140917-01)
 
4300326 UDP replies from rpcbind and mountd can be sent with wrong source address
6466160 rpc.nisd can hang for 3-4 minutes attempting NIS+ callback if connection to client silently fails
6626381 rpc.nisd on subdomain-replica deadlocked when trying to access NIS+ admin group in cache

Patch Installation Instructions:

--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:

-----------------------------
 
None.

README -- Last modified date: Saturday, November 10, 2012