Solaris 9 (SPARC Platform Edition) 9/02 Release Notes

Security Bugs

Unlocking CDE Screenlock Removes Kerberos Version 5 Credentials (4674474)

If you unlock a locked CDE session, all your cached Kerberos version 5 (krb5) credentials might be removed. As a result, you might not be able to access various system utilities. This problem occurs under the following conditions.

If this problem occurs, the following error message is displayed.


lock screen: PAM-KRB5 (auth): Error verifying TGT with host/host-name:
Permission denied in replay cache code

Workaround: Add the following non-pam_krb5 dtsession entries to the /etc/pam.conf file.


dtsession auth requisite pam_authtok_get.so.1
dtsession auth required  pam_unix_auth.so.1

With these entries in the /etc/pam.conf file, the pam_krb5 module does not run by default.

CDE Removable Media Auto Run Capability Removed From the Solaris 9 9/02 Operating Environment (4483353)

The Removable Media auto run capability in the CDE desktop environment has been temporarily removed from the Solaris 9 9/02 operating environment. This capability has been removed to mitigate potential security issues.

To use the auto run function for a CD-ROM or another removable media volume, you must do one of the following:


Note - For the latest information on security issues and patches, check the SunSolve web site at http://sunsolve.sun.com. All security patches are available from the SunSolve site without a support contract.


cron, at, and batch Cannot Schedule Jobs for Locked Accounts (4622431)

In the Solaris 9 9/02 operating environment, locked accounts are treated in the same way as expired or nonexistent accounts. As a result, the cron, at, and batch utilities cannot schedule jobs on locked accounts.

Workaround: To enable locked accounts to accept cron, at, or batch jobs, replace the password field of a locked account (*LK*) with the string NP, for no password.
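
To find the accounts this change affects before applying the workaround, the following added example (not part of the release notes) lists users whose shadow password field is *LK* and who still own a crontab. It assumes a POSIX shell, the password in field 2 of the shadow file, and one crontab file per user in the given directory (on Solaris, /etc/shadow and /var/spool/cron/crontabs); the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report locked accounts (*LK*) that own a crontab, i.e. the
# accounts whose cron jobs are no longer scheduled (4622431).
# Arguments (hypothetical helper, not a Solaris utility):
#   $1 = shadow-format file, $2 = directory with one crontab file per user.
locked_with_crontab() {
    shadow_file=$1
    crontab_dir=$2
    # Field 2 of a shadow entry is the password field.
    awk -F: '$2 == "*LK*" { print $1 }' "$shadow_file" |
    while read -r user; do
        # Only report locked users that actually have a crontab.
        if [ -f "$crontab_dir/$user" ]; then
            echo "$user"
        fi
    done
}

# Runs the check against constructed sample data so it works offline.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/crontabs"
    # Constructed shadow entries: one normal, two locked, one NP account.
    cat > "$tmp/shadow" <<'EOF'
root:constructedhash:6445::::::
batchuser:*LK*:::::::
reports:NP:6445::::::
olduser:*LK*:::::::
EOF
    # Constructed crontabs: olduser is locked but has no crontab.
    : > "$tmp/crontabs/root"
    : > "$tmp/crontabs/batchuser"
    : > "$tmp/crontabs/reports"
    locked_with_crontab "$tmp/shadow" "$tmp/crontabs"
    rm -rf "$tmp"
}

demo
```

On a live system, call locked_with_crontab with the real shadow file and crontab directory as root; each name printed is a locked account whose crontab will not run until its password field is changed as described in the workaround.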