Apologies for this off topic post, but I'm struggling as to where to go for
information.

For various reasons, primarily that the LDAP server needs to access the LDAP
repository, we are running one of our domains with OpenLDAP (the other domain
where we have a dedicated server runs iDS5 with no p

[ more ]  [ reply ]

In-Reply-To: <42D6965E55186940B08A1176E2F201400152EAE1 (at) rc2c-exch1.learningcurve (dot) com [email concealed]>

I'd like to thank everyone who responded with all the good info. I'll be reading for a while.

And thanks to the moderators who allowed this post.

[ more ]  [ reply ]

> From: "Wiest, Damian" <dmwiest (at) rc2corp (dot) com [email concealed]>
> To: "'Gregory Hicks'" <ghicks>
> Cc: "'focus-sun (at) securityfocus (dot) com [email concealed]'" <focus-sun (at) securityfocus (dot) com [email concealed]>
> Subject: RE: Security Configuration Settings?
> Date: Fri, 24 Sep 2004 13:36:55 -0500
>
[...snip...]
>
> > This tells the system to get ALL user inf

[ more ]  [ reply ]

> -----Original Message-----
> From: Gregory Hicks [mailto:ghicks (at) cadence (dot) com [email concealed]]
> Sent: Thursday, September 23, 2004 11:23 AM
> To: mr.nasty (at) ix.netcom (dot) com [email concealed]; focus-sun (at) securityfocus (dot) com [email concealed];
> jdavid (at) skynet (dot) be [email concealed]
> Subject: Re: Security Configuration Settings?

[snip]

> This tells the system to get ALL u

[ more ]  [ reply ]

> From: "Jan David" <jdavid (at) skynet (dot) be [email concealed]>
> Date: Thu, 23 Sep 2004 00:24:48 +0200
>
> The compat setting allows you to add an extra pseudo database called
> 'passwd_compat'. Here you can specify an alternative database, next to
> files.
>
> E.g.:
>
> passwd: compat
> passwd_compat: ldap
>
> The me

[ more ]  [ reply ]

Im in the process of trying to secure a SunOS name 5.8 Generic_108528-29 sun4u sparc SUNW,Sun-Fire-280R, using settings per http://sabernet.home.comcast.net/papers/Solaris.html. I have a few questions about the settings and due to the fact that this box is supposed to look as much like a producti

[ more ]  [ reply ]

The trick to changing passwords with the Kerberos on Solaris is to add this token to the krb5.conf in the [realms] section (inside of the definition for the realm):

kpasswd_protocol = SET_CHANGE

For example:

[realms]
AD.EXAMPLE.COM = {
kdc = ...:88
admin_server = ...:464
[...]
kpa

[ more ]  [ reply ]

Erwin,
Could you please share some of the problems that you had with MS Services
for UNIX. I have used combination of MS Services for UNIX and PAM LDAP in the
test lab environment without any significant problems.

Thanks Jas

|--------+------------------------>
| | Erwin

[ more ]  [ reply ]

We have been looking at a similar project except that it needs to be cross platform (Solaris and HP-UX).

We found some limitations in the SEAM product (and to be honest, HP's product as well) in that if the user was in too many Windows group the PAC (Privilege Access Certificate?) which gets tagged

[ more ]  [ reply ]

You know, I've often heard this statement (about SUID shell scripts being dangerous) without a good explanation -- too often the authoring citing "security concerns" for not explaining it (not that Brian did!)

For those who feel the same way, I found a reasonable explanation here:

http://www.faqs.

[ more ]  [ reply ]

Has anyone out there been very successful with completely integrating
Solaris 9 into Microsoft's Active Directory? This is what I'm hoping to do:

1. Use Kerberos on Solaris 9 via PAM to authenticate to AD using the
Windows username/password.
2. Use LDAP through NSS to get /etc/passwd and /etc/gr

[ more ]  [ reply ]

I would like to thank everyone who have shared their suggestions,
experiences, document links, etc... to my problem at hand. Please allow
me to summarize:

1. Use ndd -set /dev/tcp tcp_smallest_nonpriv_port [ < 1024 ]. Ndd
however, does not allow the value to be below 1024 (whether from
runlevel

[ more ]  [ reply ]