On 18/06/2010 16:08, John Fischer wrote:
4.4 User Installed as Primary Administrator
The initial user installed by the Caiman installers have been given the
Primary
Administrator role. The committee pointed out that this role is going
away. The
issue was discussed in the Solaris Modernization case (PSARC/2010/067).
In that
case the project team agreed to modify the installers to:
"Primary Administrator" is a Rights Profile not a Role. The distinction
is very important. It is the fact that the profile is assigned directly
to a user rather than a role what was the whole problem.
Also "Primary Administrator" as a Rights Profile is not planned to "go
away".
The advice of the security team was not to assign "Primary
Administrator" to the initial user directly. The main reason this was
done early on in the Caiman GUI installer was because other technology
like the RBAC "Console User" profile wasn't available and neither was sudo.
1. remove the root password prompt
2. require an initial user login name and password
3. set the root password to the initial user password
4. the root is type=role
5. the initial user is granted the root role (type=normal;roles=root)
6. the initial user is put in /etc/sudoers -- presumable with all commands
7. the initial use is no longer granted the Primary Administrator Rights
Profile
"initial user"
8. the password hash algorithm is sha256
9. the root account password is installed as expired (passwd -f).
sp_lstchg == 0
username:password:lastchg:min:max:warn:inactive:expire:flag
sp_namp:sp_pwdp:sp_lstchg:sp_min:sp_max:sp_inact:ex_expire:sp_flag
That is all fine.
The specification for this case will be modified to reflect this
requirement and
deposited in the case directory as commitment materials (Appendix C -
[1]). The
committee was fine with the issue.
5. Minority Opinion(s)
None
6. Advisory Information
None
7. Appendices
7.1 Appendix A: Technical Changes Required
None
7.2 Appendix B: Technical Changes Advised
None
7.3 Appendix C: Reference Material
Unless otherwise stated, path names are relative to the case directory
(PSARC/2010/165).
1.commitment.materials/PSARC-Questionnaire.txt
Standard PSARC Questionnaire
2.commitment.materials/ARC-CoverPage.html
ARC cover page describing the case and documents included for review
3.commitment.materials/designdocv2.0.9.odt
Text Installer Design Document Open Document Text format
4.commitment.materials/designdocv2.0.9.pdf
Text Installer Design Document Portable Document Format
5.commitment.materials/spec10-21.html
Solaris Caiman Text-based Installer UI Specification non-graphical format
On 06/17/10 06:17 PM, John Fischer wrote:
PSARC members,
The project team has provided updated materials which have been placed
under
the commitment.materials directory. There is now an ARC cover page
(ARC-CoverPage.html) which describes the changes between the inception
and
commitment materials.
I have also added the attached draft opinion which is in the top level
directory.
There is also an HTML version of the draft opinion in the case directory.
Please review these new materials and the draft opinion. Either
provide feedback
or vote on the case by COB Wednesday, June 30th, 2010.
Thanks,
John
_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org
--
Darren J Moffat
_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org
