SUMMARY: To use shadow passwds, do I need SYSAUDIT in kernel?

From: Janet Jackson (janet@cs.uwa.oz.au)
Date: Thu Aug 20 1992 - 22:56:55 CDT


In <janet.713781109@dunnart> janet@cs.uwa.oz.au (that's me) asked about this.
If you want to refresh your memory, I've quoted my original article below.

Out of the 4 people who replied (thanks, people!) two didn't seem to know
and two said no.

Ian Angles <ia@st-andrews.ac.uk> said:

> Basically, NO!. I did this with a few kernels, then wondered why it locked
> up.

> Sun explained to me as thus - login etc., call the routines in the kernel
> which are just stubs if you don't have SYSAUDIT enabled. When you do have
> SYSAUDIT enabled the kernel routines try and call things like the audit
> deamon and write to audit filesystems, which you probably won't have if
> you're only running shadow passwords.

Also, about the auditing UIDs (see below), Tim Ramsey <tar@math.ksu.edu>
said:

> You only need the auditing UIDs if you are using the C2 jumbo patch.

which I am.

Janet Jackson
<janet@cs.uwa.edu.au>
Systems Administrator
Department of Computer Science
The University of Western Australia

----------- My original article -----------

[This is for SunOS 4.1.1 on Sparcstations and Sun-4 servers.]

If I want to do Sun password shadowing without doing any of the C2 auditing,
do I need to build a kernel with the SYSAUDIT option enabled?

I already tried to convert to password shadowing but it didn't work because
(I'm told) I didn't create the auditing UIDs AUpwdauthd and AUyppasswdd.
I didn't think I'd need them, but according to various people, I do.
So maybe I need SYSAUDIT as well.

PLEASE REPLY BY EMAIL and I'll summarise.

My current kernel config file contains:

   #
   # The following options are for accounting and auditing. SYSAUDIT
   # should be removed unless you are using the C2 security features.
   #
   options SYSACCT # process accounting, see acct(2) & sa(8)
   #options SYSAUDIT # C2 auditing for security

----------- End of original article -------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:48 CDT