Sarah Jelinek wrote: > > Really? Ok, I admit I don't know a lot about this, so I have been > reading the docs on this to understand what is available to us, and it > states there is a System Administrator rights profile:
You are correct I just typed it wrong when I grepped for it in prof_attr(4) so I didn't get a hit! [feels suitably embarrassed! ]. > We were planning on using useradd() for adding the user data. And, then > add the password data by hand after. How are you planning on constructing the hashed password then ? > The pam stuff isn't something we > considered. We would need to take a look at this, how it might work in > the miniroot or on first reboot and how we might be able to enable the > use of this. At the very least you need to use crypt_gensalt(3C) and crypt(3C) to construct the hashed password if you don't use PAM. Using PAM won't work well in the miniroot. The reason you need to use crypt_gensalt(3C) is so that when we in Solaris security land change the default value of CRYPT_DEFAULT in policy.conf you won't have to change your code! > Part of my ambiguity on the answers to your comments is that we haven't > had the chance to look very closely at this yet. But, you have given us > a lot of good data which helps. I'm happy to help out more, if you can point me to the source I'd be happy to prototype this for you. -- Darren J Moffat
