Sam Freiberg wrote:
Any resolution on adding auth names that don't start with Solaris? I tried this
Solaris 10 u 3 and it also won't recognize anything that doesn't start with
Solaris. The man page explicitly says that you should use reverse DNS info to
avoid naming collisions but that doesn't seem to work.
I assume you mean assigning an authorisation to a user that doesn't
start 'solaris.' when running usermod(1M) as root.
In order to give out an authorisation you must have it yourself,
actually what you must have is <authname>.grant.
The root user by default has 'solaris.*' and 'solaris.grant' that means
that root can only grant authorisations from the solaris hierarchy.
This makes sense because we don't know what 'com.example' authorisations
mean and it might not be appropriate for root to have them.
They way you get around this is to give 'com.example.grant' to root by
manually editing /etc/user_attr with your editor of choice.
Then root will be able to use usermod(1M) to assign those to users.
This is not really a bug in useradd(1M) but possibly missing
documentation for an advanced use of authorisations.
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[EMAIL PROTECTED]
