>I don't understand the advantage of diff vs. -newer. The latter is
>simpler so why not use it? My suggested workaround also deals with the
>case where the copy doesn't exist yet.

diff would correct a bad copy that is more recent than the original.

>As you've noted, the /etc/shadow file in the labeled zones is not used
>by the desktop software. Just for remote login, e.g. ssh. So, while not
>a perfect workaround, it is likely to satisfy the customer. Ultimately
>the customer should be using ldap to keep passwords in sync.

Does ldap work with ssh? Customers who want ssh often want it because
ipsec for TX is not implemented. So some customers tell me that ssh is
the only method of getting encrypted traffic. I have no idea if that is
the issue with this cu.

>--Glenn

>> The reason for removing /usr/bin/passwd from the labeled zones is that
>> it operates on the local end, instead of the global zone shadow file, so
>> any changes get overmounted or discarded or something next zone reboot.
>>
>> (I have been unable to check the exact mechanism here because shutting down
>> the zones does not appear to umount passwd and shadow.)
>>
>>> -- Jeff

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan Parcel, Sustaining, Trusted OE
Internal Trusted Support Pages: http://trusted.sfbay
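The difference between the two checks discussed in this thread, as an added example that is not part of the original messages: a timestamp test (`-newer`) leaves a bad copy in place when that copy is more recent than the original, while a content test (`diff`) replaces it. The function names, temp files and placeholder file contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: temp files stand in for the original and the per-zone copy.

# Timestamp check: refresh only if the copy is missing or older than the original.
sync_if_newer() {  # $1 = original, $2 = copy
    if [ ! -e "$2" ] || [ -n "$(find "$1" -newer "$2")" ]; then
        cp -p "$1" "$2" && echo refreshed
    else
        echo skipped
    fi
}

# Content check: refresh if the copy is missing or differs from the original.
sync_if_different() {  # $1 = original, $2 = copy
    if [ ! -e "$2" ] || ! diff "$1" "$2" >/dev/null 2>&1; then
        cp -p "$1" "$2" && echo refreshed
    else
        echo skipped
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'user:PLACEHOLDER_GOOD:::\n' > "$dir/orig"
    printf 'user:PLACEHOLDER_BAD:::\n'  > "$dir/copy"
    touch -t 202001010000 "$dir/orig"
    touch -t 202101010000 "$dir/copy"   # bad copy is more recent than the original

    r1=$(sync_if_newer "$dir/orig" "$dir/copy")       # timestamp test misses it
    r2=$(sync_if_different "$dir/orig" "$dir/copy")   # content test repairs it

    rm -f "$dir/copy"                                 # copy doesn't exist yet
    r3=$(sync_if_newer "$dir/orig" "$dir/copy")       # both checks handle this case

    rm -rf "$dir"
    echo "$r1 $r2 $r3"
}

demo
```
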