On 01/05/09 15:43, Menno Lageman wrote:
> Steffen Weiberle wrote:
>> For my test zones, I usually don't set a password via /etc/sysidcfg.
>> Usually I don't configure ssh to allow root login, and the zones are
>> configured with limited network services (secure by default), so I
>> don't worry.
>> With build 105 (the one with Crossbow integrated), all of a sudden
>> zlogin fails if the zone does not have a root password. The error is
>> an incorrect password type of message.
>> # zlogin master
>> [Connected to zone 'master' pts/4]
>> Login incorrect
>> So does logging in on the console. The error messages for this on the
>> console are:
>> Jan 5 15:04:33 master login: pam_unix_account: zlogin: empty password
>> not allowed for account root from local host
>> Jan 5 15:04:33 master login: login account failure: Permission denied
>> Is this intentional, or a side effect (especially for zlogin)? I
>> looked for a flag day and did not find one. Not sure how long this has
>> been happening. I don't remember it with 101[a]. If not intentional, I
>> can file a bug.
> It's intentional and present since build 104. See
Thanks, Menno. Odd that my search did not hit that, maybe because I was
looking for zone specific stuff. I had wondered what security aspects
are involved in a 'zlogin', and now that answer is becoming clearer.
On 01/05/09 16:26, Dan Price wrote:
> I guess you are subject to the desires of the security folks here.
> I agree that it is mildly annoying.
> zlogin -S (failsafe) should still work, AFAIK.
Thanks, Dan. Yes, the '-S' still allows me to get into the zone. My
work-around was to edit the non-global zone's /etc/shadow file from the
global zone. Thank *zones* for centralized administration!!!
zones-discuss mailing list