Patch-ID# 150545-02


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security pam_ldap.so.1
Synopsis: SunOS 5.10: pam_ldap.so.1 patch
Date: Mar/09/2016


Install Requirements: NA

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 150546

Topic: SunOS 5.10: pam_ldap.so.1 patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
17084621
17891694
21893004
22247245


Changes incorporated in this version: 21893004 22247245

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 142909-17 (or greater)

Obsoleted by:

Files included with this patch:

/usr/lib/security/pam_ldap.so.1
/usr/lib/security/sparcv9/pam_ldap.so.1

Problem Description:

21893004 problem with pam_ldap library
22247245 TLS LDAP logins no longer work post-21893004
 
(from 150545-01)
 
17084621 PAM should allow password qualification by LDAP server
17891694 pam_ldap module should use __pam_log() to log messages


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  The 17084621 fix implements the pam_ldap module's
         pam_sm_chauthtok function to functionality for the PAM
         password management stack to tie password management
         functionality to the functionality of the supporting LDAP
         server.  To allow password qualification for LDAP users to
         be done by the LDAP server, the password management updates
         section in /etc/pam.conf should consist of the following
         entries:
             other password requisite pam_authtok_get.so.1
             other password requisite pam_authtok_check.so.1 server_policy
             other password requisite pam_ldap.so.1
             other password required pam_authtok_store.so.1 server_policy


README -- Last modified date: Wednesday, March 9, 2016