SUMMARY: Enhanced security privileges.

From: Kevin Lentin <kevinl_at_cs.monash.edu.au>
Date: Sun, 28 Jan 1996 17:47:28 +1100 (EST)

My original question was:
> All I want is a list of and description of the privs in the tcb files. root
> has a whole lot, most of which seem self-explanatory. Users don't have any.
>
> There is no reference to them in any of the man pages, and I searched the
> entire 3.2c dxbook library (any idea how long that takes? :-)

My thanks to: Spider Boardman spider_at_orb.nashua.nh.us
for pointing out that none of those priv entries are yet used. Many other
files under /tcb are still not used in 3.2C.

And...
> And while I'm here, if the above answers don't solve this, here is one
> problem I believe is related: Users can't change their passwords or shells
> or GECOS info.

My thanks to the following for responses:
matthewm_at_sgate.com (Michael Matthews)
newcomer_at_dickinson.edu (Don Newcomer)
karnott_at_falcon.tamucc.edu (Kent Arnott)
martin_at_jerry.alf.dec.com (Martin Moore)
root_at_net.bluemoon.net (Blue Moon Network Administrator) [J. Henry Priebe Jr. ]
haymanr_at_icefog.sois.alaska.edu (Randy M. Hayman)

Randy pointed out that those entries are not used and pointed me to some
programs to check the status of the system (e.g. authck).

A debt of gratitude to Spider Boardman for spending quite some time
tracking down the problem.

Through the use of auditmask and audit_tool we tracked down that the login
process had no audit_id and could therefore not run passwd.

In the end it turned out that the answer was that we are using sshd and had
compiled and installed sshd before we installed C2 security. Reconfiguring
sshd and recompiling made it detect the C2 security and compile in the
appropriate libraries to set the correct flags and IDs.

Password changing now works fine.

[ Still looking for ideas for preventing change of real name while allowing
  change of phone & office ]

-- 
[=======================================================================]
[ Kevin Lentin                 |finger kevinl_at_fangorn.cs.monash.edu.au| ]
[ K.Lentin_at_cs.monash.edu.au    |for PGP public key block. Fingerprint | ]
[ Macintrash: 'Just say NO!'   |6024308DE1F84314  811B511DBA6FD596    | ]
[=======================================================================]
Received on Sun Jan 28 1996 - 07:59:32 NZDT
