For background on what this is, see:
http://www.opensolaris.org/jive/message.jspa?messageID=24416#24416
http://www.opensolaris.org/jive/message.jspa?messageID=25200#25200
==
security-discuss 11/16 - 11/30
==
Size of all threads du
In Solaris Express snv_53 there are "new" (for Solaris) user management
tools.
The "Users and Groups" tool has some basic RBAC stuff in it (though
mislabeled - I've filed a bug on that). It needs more IMO.
The nice thing about this tool is that it is actually using things like
useradd under
On Wednesday, December 06, 2006 10:57:50 AM +0100 Bart Blanquart
wrote:
> pam_otp would never store anything in PAM_AUTHTOK:
>
> If PAM_AUTHTOK isn't set (in the example this happens the first time
> pam_otp is called) we'll ask the user if he wants to set a new
> authentication token by provi
On Wednesday, December 06, 2006 10:00:23 AM -0600 Nicolas Williams
wrote:
> On Tue, Dec 05, 2006 at 08:48:35PM -0500, Jeffrey Hutzelman wrote:
>> On Friday, December 01, 2006 05:41:57 PM -0600 Nicolas Williams
>> wrote:
>> > On Fri, Dec 01, 2006 at 05:52:53PM -0500, James Carlson wrote:
>> >>
On Wed, Dec 06, 2006 at 12:27:18PM -0500, Jeffrey Hutzelman wrote:
> On Wednesday, December 06, 2006 10:00:23 AM -0600 Nicolas Williams
> wrote:
> >On Tue, Dec 05, 2006 at 08:48:35PM -0500, Jeffrey Hutzelman wrote:
> >>If you're a NAS accepting a password from a user for authentication, why
> >>b
> I am not familiar with this "pam_secure_connection" magic of which
> you speak. That sounds like an impossible problem; pretty much
> anything you think is a "secure" connection could simply be to an
> intermediary with an insecure connection out the other side.
>
Indeed, but permitting f
On Tue, Dec 05, 2006 at 08:48:35PM -0500, Jeffrey Hutzelman wrote:
> On Friday, December 01, 2006 05:41:57 PM -0600 Nicolas Williams
> wrote:
> >On Fri, Dec 01, 2006 at 05:52:53PM -0500, James Carlson wrote:
> >>The only
> >>difference i
On Tue, Dec 05, 2006 at 08:42:33PM -0500, Jeffrey Hutzelman wrote:
> On Friday, December 01, 2006 05:16:21 PM -0500 James Carlson
> wrote:
> >It's really unfortunate that the NAS that needs the keys is not the
> >same box as the AAA server that can generate them or look them up.
>
> It's a separ