This security enhancement is new in the Developer 9/07 release.
The audit_user(4) database is no longer an access-restricted database. Existing Network Information Service Plus (NIS+) name servers can be updated with the command:
# nischmod nw+r audit_user
Ensure the following conditions:
The SolarisAuditUser object class entries should be publicly readable. On existing LDAP directory name servers, the SolarisAuditAlways and SolarisAuditNever ACIs for the SolarisAuditUser object class entries should not be modified from the defaults set by idsconfig(1M).
If the /usr/lib/ldap/idsconfig file has customized ACIs for the SolarisAuditAlways and SolarisAuditNever object class entries, the customized ACIs should allow anonymous read access.
Creating a new NIS name server using the installed ypmake(1M) creates an unrestricted audit_user database. Similarly, creating a new NIS+ name server using nissetup(1M) also creates an unrestricted audit_user database.
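A simplified check for the anonymous-read condition on customized ACIs described above, as an added example that is not part of the original release note or of Sun's tooling. It parses ACI strings in the directory server's ACI syntax and reports whether an anonymous bind (userdn "ldap:///anyone") can read a given attribute. The function names and sample ACIs are constructed for illustration, and target DN scope and bind rules other than userdn are not evaluated.

```python
import re

# Simplified matcher for ACI strings: one targetattr clause, one permission,
# one userdn bind rule. Target DN scope and other bind rules are ignored.
ACI_RE = re.compile(
    r'\(targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\)'
    r'.*?(?P<kind>allow|deny)\s*\((?P<rights>[^)]*)\)'
    r'\s*userdn\s*=\s*"(?P<userdn>[^"]*)"',
    re.IGNORECASE | re.DOTALL,
)

def _covers(op, attrs, attr):
    """Does the targetattr clause apply to attr?"""
    names = {a.strip().lower() for a in attrs.split("||")}
    hit = "*" in names or attr.lower() in names
    return hit if op == "=" else not hit

def anonymous_can_read(acis, attr):
    """True if an ACI grants read on attr to ldap:///anyone and none denies it."""
    allowed = denied = False
    for aci in acis:
        m = ACI_RE.search(aci)
        if not m or not _covers(m["op"], m["attrs"], attr):
            continue
        rights = {r.strip().lower() for r in m["rights"].split(",")}
        # ldap:///all covers authenticated users only, so it never helps
        # (or blocks) an anonymous bind; only ldap:///anyone counts here.
        if not rights & {"read", "all"} or m["userdn"].lower() != "ldap:///anyone":
            continue
        if m["kind"].lower() == "deny":
            denied = True
        else:
            allowed = True
    return allowed and not denied  # an explicit deny overrides any allow

# Constructed sample ACIs (not copied from idsconfig or any real directory).
ATTRS = '(targetattr="SolarisAuditAlways||SolarisAuditNever")'
OPEN = ATTRS + '(version 3.0; acl "constructed_anon_read"; allow (read,search,compare) userdn="ldap:///anyone";)'
AUTH_ONLY = ATTRS + '(version 3.0; acl "constructed_auth_read"; allow (read,search,compare) userdn="ldap:///all";)'
DENY = ATTRS + '(version 3.0; acl "constructed_deny"; deny (read,search,compare) userdn="ldap:///anyone";)'

if __name__ == "__main__":
    for label, acis in [("open", [OPEN]), ("auth-only", [AUTH_ONLY]), ("open+deny", [OPEN, DENY])]:
        for attr in ("SolarisAuditAlways", "SolarisAuditNever"):
            print(label, attr, anonymous_can_read(acis, attr))
```

An ACI that grants read only to "ldap:///all" looks permissive but fails the condition, because that bind rule matches authenticated users and excludes anonymous binds.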
For more information, see the following:
audit_user(4) man page