I have an environment with multiple servers running Solaris 10 05/08 with TX. Each of our servers is an LDAP client to a DSEE 6.3 LDAP server. Each client utilizes LDAP account management via their pam.conf.
Is it possible to have a Solaris RBAC role SSH from one client to another client? I followed the procedure "Howto Enable Roles to Log In Remotely" on page 101 of the Admin procedures, and when I attempt to SSH from the global zone as a role to a different server's global zone as the same role, I get a permission denied. As another test I tried to ssh to localhost as that same role and I am still getting permission denied. Each server has the other defined as a CIPSO host and I know SSH is functioning properly because I can ssh as root from any global zone to another global zone just fine. Root in our environment is a user. Thanks for any help.

This message posted from opensolaris.org