 |
≫ |
|
|
|
パッチ名: PHCO_36465
パッチ摘要: s700_800 11.11 passwd(1)累積パッチ
作成日: 07/04/27
公開日: 07/06/19
ハードウェアプラットフォームおよびOSリリース:
s700: 11.11
s800: 11.11
現象:
PHCO_36465:
(SR:8606480624 CR:JAGag34699)
シャドウモードの場合、passwdコマンドが引き数-x、-nおよび-wの値を"週"の
倍数に丸めます。
問題点の説明:
PHCO_36465:
(SR:8606480624 CR:JAGag34699)
passwdコマンドのオプション-x、-nおよび-wはパスワードエージングの値を定
義します。標準システムでは、エージング情報は"週"単位で/etc/passwdに格
納されるので、これらの値を"週"の倍数に丸める必要があります。ところが、
シャドウパスワードを使用するシステムでも、passwdコマンドは不正に、パス
ワードエージング値を丸めていました。
解決方法:
シャドウパスワードを使用するシステムの場合は、/etc/defaultディレクトリ
内に"DO_NOT_ROUND_PW_AGING"というファイルがあるかどうかチェックし、
このファイルがあれば、引き数-x、-nおよび-wの値を"週"の倍数に丸めないよ
うにpasswdコマンドを修正しました。このファイルがない場合のpasswdコマン
ドの動作は従来どおりです(つまり、エージング値を丸めます)。
/etc/default/DO_NOT_ROUND_PW_AGINGファイルは、手動で作成しなければなり
ません。このファイルを使用するのはこのリリースだけです。今後のリリース
では、シャドウパスワードを使用するシステムの場合、エージング値を丸めな
いようにpasswdコマンドを修正します。
このパッチは、標準システムや高信頼性システムには影響を与えません。
-----------------------------------------------------------------------------
Patch Name: PHCO_36465
Patch Description: s700_800 11.11 passwd(1) cumulative patch
Creation Date: 07/04/27
Post Date: 07/06/19
Hardware Platforms - OS Releases:
s700: 11.11
s800: 11.11
Products: N/A
Filesets:
OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
Automatic Reboot?: No
Status: General Release
Critical: No
Category Tags:
defect_repair enhancement general_release
Path Name: /hp-ux_patches/s700_800/11.X/PHCO_36465
Symptoms:
PHCO_36465:
( SR:8606480624 CR:JAGag34699 )
In shadow mode the passwd command rounds the -x,
-n and -w argument values to a multiple of a week.
PHCO_33214:
( SR:8606398952 CR:JAGaf58917 )
The passwd command does not recover gracefully from
some error conditions.
PHCO_29125:
( SR:8606273831 CR:JAGae37913 )
Cannot change dialup passwords in /etc/d_passwd.
( SR:8606288367 CR:JAGae52298 )
On a trusted system, information reported to the audit
log by chfn(1), chsh(1) and passwd(1) could be incorrect.
PHCO_27041:
( SR:8606221280 CR:JAGad90414 )
This patch is a member of a set of product updates needed
to enable the optional HP-UX shadow password feature.
Upon installation, the HP-UX shadow password bundle
(ShadowPassword) will install the full set of products
(including this patch) to enable the shadow password
feature.
If the HP-UX shadow password product is not installed,
this patch will have no impact on your system.
Defect Description:
PHCO_36465:
( SR:8606480624 CR:JAGag34699 )
The passwd command -x, -n and -w option arguments define
values for password aging. On a standard system, these
values must be rounded up to a multiple of a week, because
the aging information in /etc/passwd is stored as weeks.
The passwd command also improperly rounds the password
aging values on systems using shadow passwords.
Resolution:
On systems using shadow passwords, the passwd command
checks for the existence of a file in the /etc/default
directory called "DO_NOT_ROUND_PW_AGING"; if this file
exists, then the passwd command does not round the
-x, -n and -w argument values to a multiple of a week;
if this file does not exist, then the behavior of the
passwd command is unchanged (aging values are rounded).
The /etc/default/DO_NOT_ROUND_PW_AGING file must be
created manually. The use of this file is specific
to this release; in a future release the behavior of
the passwd command will be changed to never round aging
values for systems that are using shadow passwords.
Standard systems and trusted systems are not affected
by this patch.
PHCO_33214:
( SR:8606398952 CR:JAGaf58917 )
Changing a password does not work as expected under some
conditions.
Resolution:
The passwd command now works as expected.
PHCO_29125:
( SR:8606273831 CR:JAGae37913 )
"passwd -F /etc/d_passwd" does not correctly update
dialup passwords.
Resolution:
Modified passwd(1) to properly update dialup passwords.
( SR:8606288367 CR:JAGae52298 )
Under some circumstances chfn(1), chsh(1) and passwd(1)
could report incorrect information in the audit log.
Resolution:
Modified the passwd(1) command to report correct
information in the audit log. The chfn(1) and chsh(1)
commands are hard linked to the passwd(1) command.
PHCO_27041:
( SR:8606221280 CR:JAGad90414 )
Enhancement request: HP-UX 11.11 does not support shadow
passwords.
Resolution:
This module has been made aware of shadow passwords and
will take the appropriate actions when the HP-UX shadow
password bundle is installed.
Enhancement:
No (superseded patches contained enhancements)
PHCO_27041:
This patch is one of many pre-enablement patches
for the shadow password feature.
SR:
8606480624 8606221280 8606273831 8606288367 8606398952
Patch Files:
OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
/usr/bin/passwd
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/nispasswd
/usr/bin/yppasswd
what(1) Output:
OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
/usr/bin/passwd:
$Revision: @(#) passwd R11.11_BL2007_0427_1 PATCH_11
.11 PHCO_36465
/usr/bin/chfn:
$Revision: @(#) passwd R11.11_BL2007_0427_1 PATCH_11
.11 PHCO_36465
/usr/bin/chsh:
$Revision: @(#) passwd R11.11_BL2007_0427_1 PATCH_11
.11 PHCO_36465
/usr/bin/nispasswd:
$Revision: @(#) passwd R11.11_BL2007_0427_1 PATCH_11
.11 PHCO_36465
/usr/bin/yppasswd:
$Revision: @(#) passwd R11.11_BL2007_0427_1 PATCH_11
.11 PHCO_36465
cksum(1) Output:
OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
148683113 53248 /usr/bin/passwd
148683113 53248 /usr/bin/chfn
148683113 53248 /usr/bin/chsh
148683113 53248 /usr/bin/nispasswd
148683113 53248 /usr/bin/yppasswd
Patch Conflicts: None
Patch Dependencies: None
Hardware Dependencies: None
Other Dependencies: None
Supersedes:
PHCO_33214 PHCO_29125 PHCO_27041
Equivalent Patches:
PHCO_36426:
s700: 11.23
s800: 11.23
PHCO_36523:
11.31
Patch Package Size: 50 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHCO_36465
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHCO_36465.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHCO_36465. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHCO_36465.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHCO_36465.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHCO_36465.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions: None
|
