hit counter
   
 

Random ramblings of a paranoid git
"The question is not if you are paranoid, it is if you are paranoid enough."


All | Security | Work | Wine & Dine | Leisure

   
« Previous day (Nov 25, 2007) | Main | Next day (Nov 27, 2007) »
   
20071126 Monday November 26, 2007
root as a role and zlogin
Permalink | | 2007-11-26 13:30

If you have turned root into a role in a zone and try to use zlogin from the global zone to log in as root you will see something like this: 

root@global# zlogin zn1
[Connected to zone 'zn1' pts/2]
Login incorrect

[Connection to zone 'zn1' pts/2 closed]

This is because pam.conf is by default configured to prevent this, as roles must only be assumed by authorized users.

If you trust the ones who can become root in the global zone, you can change this restriction by adding the following line to pam.conf 

zlogin  account required        pam_unix_account.so.1

Now you can zlogin directly to a role without having to first log in to a normal user: 

root@global# zlogin zn1
[Connected to zone 'zn1' pts/2]
Sun Microsystems Inc.   SunOS 5.11      snv_75  October 2007
root@zn1#
   
 
   
XML
« November 2007 »
SunMonTueWedThuFriSat
    
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
       
Today

Old entries

Bloggtoppen.se
OpenSolaris: Love at First Boot