All That is Gold Does Not Glitter

Enable remote login after installing trusted extensions on Solaris

Thursday Nov 29, 2007

I got this from Jan Parcel, a Sun colleague. I think it is quite useful.

In most cases, steps 3, 4 and 5 (svcadm enable rlogin) suffice.


1. Keep root as a user. (It can ALSO be a role: you can add it as a role to
users, without making root a role, by adding roles=root to the user's line
in /etc/user_attr.)

2. Keep 0.0.0.0 as admin_low in /etc/security/tsol/tnrhdb

3. As with all Solaris systems, comment out the CONSOLE entry in
/etc/default/login

4. Make these changes to /etc/pam.conf:

-- Add the options that allow rlogin. Note: USE TABS, not spaces.

From: other account requisite pam_roles.so.1
To:   other account requisite pam_roles.so.1 allow_remote

From: other account required pam_tsol_account.so.1
To:   other account required pam_tsol_account.so.1 allow_unlabeled


5. As with all Solaris systems, re-enable rlogin via svcadm, or just reboot.
I always reboot.
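
Steps 3 and 4 as a script, which is an added example and not part of the original post or of Jan Parcel's instructions: it makes the two file edits idempotently, keeps a .orig backup of each file, and separates the new pam.conf options with tabs as the note in step 4 asks. The function names and the optional root-prefix argument (for rehearsing on a scratch copy of the files) are assumptions of this example.

```sh
#!/bin/sh
# Added example: function names and the ROOT prefix argument are hypothetical.
# ROOT defaults to "" (the live system); pass a scratch directory holding
# copies of etc/default/login and etc/pam.conf to rehearse the edits first.

TAB=$(printf '\t')

# edit_file FILE SED_SCRIPT: save FILE.orig once, then rewrite FILE in place
# (cat > FILE keeps the original owner and mode).
edit_file() {
    [ -f "$1.orig" ] || cp -p "$1" "$1.orig" || return 1
    sed "$2" "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Steps 3 and 4. Safe to run twice: an option already present is not re-added.
te_enable_remote_login() {
    root=${1:-}
    ws="[ $TAB][ $TAB]*"
    # Step 3: comment out the CONSOLE entry.
    edit_file "$root/etc/default/login" 's/^CONSOLE=/#CONSOLE=/' || return 1
    # Step 4: append each option, separated by a tab, to its "other account" line.
    edit_file "$root/etc/pam.conf" "
/^other${ws}account${ws}requisite${ws}pam_roles\.so\.1/{
/allow_remote/!s/[ $TAB]*\$/${TAB}allow_remote/
}
/^other${ws}account${ws}required${ws}pam_tsol_account\.so\.1/{
/allow_unlabeled/!s/[ $TAB]*\$/${TAB}allow_unlabeled/
}"
}

# Returns 0 only when both files already carry the settings from steps 3 and 4.
te_remote_login_ready() {
    root=${1:-}
    ! grep '^CONSOLE=' "$root/etc/default/login" >/dev/null &&
    grep '^other.*pam_roles\.so\.1.*allow_remote' "$root/etc/pam.conf" >/dev/null &&
    grep '^other.*pam_tsol_account\.so\.1.*allow_unlabeled' "$root/etc/pam.conf" >/dev/null
}
```

Once te_remote_login_ready returns 0 for the live files, step 5 (svcadm enable rlogin, or a reboot) is all that remains.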

 
