Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: Annoying Solaris/CDE/NIS+ bug

Re: Annoying Solaris/CDE/NIS+ bug

Frank Cusack (fcusackICONNET.NET)
Tue, 13 Oct 1998 21:03:16 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kevin Littlejohn: "Re: Referer (was Patches for wwwboard.pl)"
Previous message: Pavel Machek: "/tmp race in mc-4.5.0"

dbell <dbellBWAY.NET> writes:

> I didn't see this, or anything similar to it in the archives, but please
> forgive me if it's well known:
>
> If a Solaris 2.6 host is a NIS+ client, and any user other than root is
> running CDE at the console, CDE's screen locking feature does not work.
> Any random string is sufficient to unlock to console. Obviously, this is

The bug has nothing to do with NIS+. The CDE screenlocker (dtsession)
accepts either the user's password or the root password to unlock
the screen.

When root doesn't have a password, it accepts anything. A bug? hardly.
Install a root password.

[...]

--
Frank Cusack       + Today's Haiku   No keyboard present
Icon CMT Corp.     + error message:  Hit F1 to continue
PGP: C001AA75      +                 Zen engineering?

Next message: Kevin Littlejohn: "Re: Referer (was Patches for wwwboard.pl)"
Previous message: Pavel Machek: "/tmp race in mc-4.5.0"