Patch-ID# 150546-02
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security pam_ldap.so.1
Synopsis: SunOS 5.10_x86: pam_ldap.so.1 patch
Date: Mar/09/2016
Install Requirements: NA
Solaris Release: 10_x86
SunOS Release: 5.10_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 150545
Topic: SunOS 5.10_x86: pam_ldap.so.1 patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 21893004 22247245
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch: 120012-14 127128-11 137138-09 (or greater)
Obsoleted by:
Files included with this patch:
/usr/lib/security/amd64/pam_ldap.so.1
/usr/lib/security/pam_ldap.so.1
Problem Description:
21893004 problem with pam_ldap library
22247245 TLS LDAP logins no longer work post-21893004
(from 150546-01)
17084621 PAM should allow password qualification by LDAP server
17891694 pam_ldap module should use __pam_log() to log messages
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: The 17084621 fix implements the pam_ldap module's
pam_sm_chauthtok function to functionality for the PAM
password management stack to tie password management
functionality to the functionality of the supporting LDAP
server. To allow password qualification for LDAP users to
be done by the LDAP server, the password management updates
section in /etc/pam.conf should consist of the following
entries:
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1 server_policy
other password requisite pam_ldap.so.1
other password required pam_authtok_store.so.1 server_policy
README -- Last modified date: Wednesday, March 9, 2016