SSH login does not recognize on Solaris 11.4.
search cancel

SSH login does not recognize on Solaris 11.4.

book

Article ID: 209856

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

After installation of PAMSC 14.1 CP02, LOGIN event of SSH login does not appear in audit log.

Environment

OS: Solaris 11.4
Product: Symantec Privileged Access Manager Server Control 14.1 CP2

Cause

The problem is 64-bit specific and appeared only recently because 64-bit sshd is used on Solaris recently.

Resolution

Change from PAMlogin to none at loginflags and loginseq(SGRP SEID) as following selang command:
PAMSC> er LOGINAPPL LIB_SSH loginflags(none) loginseq(SGRP SEID)

 

Additional Information

If loginseq does not change at change on loginflags, it appears 2 LOGIN event.  One is correct user and the other is root.
And then, this environment does not catch failed login.  So, serevu does not work.
 
This also occurs on other login programs that are 64bit module, such as /usr/bin/login (USR_BIN_LOGIN) or /bin/login (BIN_LOGIN) via telnet login.
 
Powered by Wolken Software