TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Hello, >... >which brings up another dilemma, if SSH is used to connect >to server, the server will not recognize any commands initiated from root. >We have tested this with RS, BSM, SSH enabled and we have the issue of root >user not being recognized and server locking up. Disable BSM and the root >issue is no longer an issue. But we have been told that BSM is needed for >RS, I can't find any concrete information that explains the how\why\what >BSM plays with RS, and if BSM is truly needed shouldn't there be some >collaborative effort to correct the issue with RS and BSM? It is not a problem of RealSecure. It is a problem of BSM and SSH. In Solaris, the necessary initializing of the audit for processes is done by the Solaris System "login" program and only by the "login" program. The "login" program sets the Audit ID and the audit pmask for the user who is logging in. The default values for audit (Audit ID, pmask) are NO AUDIT. Therefore, no activties for daemons are visible in the audit data. The SSH daemon has its own function for doing the login job. This function knows nothing about audit. Therefore, no activties for for SSH sessions are visible in the audit date. You can solve the problem by using SSH version 1.x.x with USELOGIN option. In with case, SSH uses for the login job the Solaris System "login" program. But only interactiv SSH session are visible. SSH version 2.x.x do not has this option. For full audit of SSH sessions you must patch the SSHd code with the necessary audit functions. Birk
