Patch-ID# 103885-04
Keywords: security keyboard lockup console authenticate NIS+ password
Synopsis: CDE 1.0.1_x86 dtlogin: patch for security issues
Date: Sep/16/97

Solaris Release: 2.4_x86 2.5_x86

SunOS Release: 5.4_x86 5.5_x86

Unbundled Product: CDE

Unbundled Release: 1.0.1_x86

Relevant Architectures: i386

Xref: This patch available for SPARC as patch 103884

BugId's fixed with this patch: 1205631 1253624 1258143 4005735

Changes incorporated in this version: 4067366

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

	/usr/dt/bin/dtlogin
	/usr/dt/config/dtconfig.rc

Problem Description: 

    4067366 Core file from dtlogin expose user's unencrypted passwd.

    Incorporated from previous patch:

    4005735 CDE 1.1 dtlogin on Solaris 2.4 (and 1.0.x patch) has
            serious security hole.
    1205631 Dtlogin failed to detect an expired account.
    1253624 Keyboard lockup fix for console logins.
    1258143 Authenticate NIS+ passwords longer than 8 characters.

Patch Installation Instructions: 
-------------------------------- 
Refer to the Install.info file for instructions on using the
generic 'installpatch' and 'backoutpatch' scripts provided with
each patch.  Any other special or non-generic installation
instructions should be described below as special instructions.

Special Install Instructions: 
----------------------------- 

None.