If you unlock a locked CDE session, all your cached Kerberos Version 5 (krb5) credentials might be removed, and you might not be able to access various system utilities. This problem occurs under the following conditions.
In the /etc/pam.conf file, the dtsession services for your system are configured to use the krb5 module by default.
You lock your CDE session, and then try to unlock the session.
If this problems occurs, the following error message is displayed.
lock screen: PAM-KRB5 (auth): Error verifying TGT with host/host-name: Permission denied in replay cache code |
Workaround: Add the following non-pam_krb5 dtsession entries to the /etc/pam.conf file.
dtsession auth requisite pam_authtok_get.so.1 dtsession auth required pam_unix_auth.so.1 |
With these entries in the /etc/pam.conf file, the pam_krb5 module does not run by default.
The CDE Calendar server daemon (rpc.cmsd) might run out of file descriptors. If this problem occurs, calendar users can view their calendar, but cannot add new appointments. An Unknown Error message is displayed.
Workaround: Choose one of the following workarounds.
If this problem occurs, follow these steps.
Become superuser on the calendar server.
Kill the calendar server daemon.
# pkill rpc.cmsd |
By default, the rpc.cmsd service is enabled in the /etc/inetd.conf file, and does not need to be restarted. If the rpc.cmsd service is disabled on the calendar server, you must restart the rpc.cmsd daemon after you kill the daemon process.
To avoid this problem, apply patch ID 112617-01.
See the SunSolveSM Web site at http://sunsolve.sun.com for patches for previous releases of the Solaris operating environment.
The Removable Media auto run functionality in the CDE desktop environment has been temporarily removed from the Solaris 9 operating environment to mitigate potential security issues.
To use the auto run functionality for a CD-ROM or another removable media volume, you must do one of the following:
Run the volstart program from the top level of the removable media file system
Follow the instructions included with the CD for access from outside of CDE
For the latest information on security issues and patches, check the SunSolve web site at http://sunsolve.sun.com. All security patches are available from the SunSolve site without a support contract.
In the Solaris 9 operating environment, locked accounts are treated in the same way as expired or nonexistent accounts. As a result, the cron, at, and batch utilities cannot schedule jobs on locked accounts.
Workaround: To enable locked accounts to accept cron, at, or batch jobs, replace the password field of a locked account (*LK*) with the string NP (for no password.)