On 01/05/09 15:43, Menno Lageman wrote: > Steffen Weiberle wrote: >> For my test zones, I usually don't set a password via /etc/sysidcfg. >> Usually I don't configure ssh to allow root login, and the zones are >> configured with limited network services (secure by default), so I >> don't worry. >> >> With build 105 (the one with Crossbow integrated), all of a sudden >> zlogin fails if the zone does not have a root password. The error is >> an incorrect password type of message. >> >> # zlogin master >> [Connected to zone 'master' pts/4] >> Login incorrect >> >> >> So does logging in on the console. The error messages for this on the >> console are: >> >> Jan 5 15:04:33 master login: pam_unix_account: zlogin: empty password >> not allowed for account root from local host >> Jan 5 15:04:33 master login: login account failure: Permission denied >> >> >> Is this intentional, or a side effect (especially for zlogin)? I >> looked for a flag day and did not find one. Not sure how long this has >> been happening. I don't remember it with 101[a]. If not intentional, I >> can file a bug. > > It's intentional and present since build 104. See > http://opensolaris.org/os/community/on/flag-days/pages/2008111501/ > > Menno
Thanks, Menno. Odd that my search did not hit that, maybe because I was looking for zone specific stuff. I had wondered what security aspects are involved in a 'zlogin', and now that answer is becoming clearer. On 01/05/09 16:26, Dan Price wrote: [...] > > I guess you are subject to the desires of the security folks here. > I agree that it is mildly annoying. > > zlogin -S (failsafe) should still work, AFAIK. > > -dp Thanks, Dan. Yes, the '-S' still allows me to get into the zone. My work-around was to edit the non-global zone's /etc/shadow file from the global zone. Thank *zones* for centralized administration!!! Steffen _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
