Skip to content

Instantly share code, notes, and snippets.

@alanc
Created August 24, 2023 00:58
Show Gist options
  • Save alanc/90fb6c1234c55fd6c55f221e3ad598bd to your computer and use it in GitHub Desktop.
Save alanc/90fb6c1234c55fd6c55f221e3ad598bd to your computer and use it in GitHub Desktop.
Changes to core OS man pages in Oracle Solaris 11.4 SRU 60
17775524 useradd man page lists wrong default group
23632404 FMA should provide new event notification flag for ASR
24949290 iostat: add option to have a separator line between two samples
24949541 iostat -n should show devchassis-path names
28248938 problem in KERNEL/ARCH-X86
28675575 AMD cpu features need to be updated
29062151 problem in KERNEL/ARCH-X86
30396890 zoneadm coredumps while moving native or solaris10 BZ
30418745 zoneadm move -x force-zpool-import with missing pool to import crashes
33150286 Provide a property to enable or disable SMF-8000-YX ASR generation at individual service level
33909072 Create a solaris maintenance mode to disable ASR events
34102242 dtrace(8) should reference /etc/driver/drv, not /etc/kernel/drv
34317286 Zone test fails to clear physical-memory limit for zone due to weird number in parameter
34366058 S10 branded zone leads to NFSv4 server panic after delegated check
34428096 SVR4 tools man pages should drop reference to keystore & related options
34754801 pam_krb5 shouldn't hardcode KRB5CCNAME
34794457 FCInfo man page to be udpated with Tabular and Parsable options
34955784 swap and dump configuration should be stored in the zvols not /etc/
35091825 Update admhist(8) for PSARC/2022/169
35140982 Add support for Python 3.11 to RAD
35145193 mv and cp should have options to call fsync to prevent data loss.
35164075 There should be an fsync command
35171635 Fix minor typos in misc. man pages
35227585 Update smf(7) man page for PSARC/2023/039
35255795 Assorted fixes for PAM man pages
35353751 core_set_process_content(3c) lists the wrong include file
35367181 route(8) should document how to set defaultrouter
35510594 pcie_pci(4D) man page should be replaced with pcieb(4D)
35510946 mcxe(4d) man page not delivered on SPARC
35510956 Fix missing, incorrect, or inconsistent Architecture attribute in man pages
PSARC 2023/042 Minimum NFS Server Grace Period
PSARC/2019/104 Add option to iostat to print separator line between two samples
PSARC/2019/105 Add option to iostat to print devchassis-path names
PSARC/2022/097 Modify SVR4 tools to stop using OpenSSL interfaces
PSARC/2022/169 Display a summary of SMF audit records.
PSARC/2023/032 Moving ZFS swap and dump volume configuration out of /etc
PSARC/2023/034 fsync command and fsync for mv
PSARC/2023/039 Notification Delay Property
PSARC/2023/044 Extend maintenance mode, svccfg(8) and coreadm(8) to configure Automated Service Requests (ASR)
Copyright (c) 1983, 2023, Oracle and/or its affiliates.
diff -NurbBw 11.4.57/man1/cp.1 11.4.60/man1/cp.1
--- 11.4.57/man1/cp.1 2023-08-23 17:32:50.217561201 -0700
+++ 11.4.60/man1/cp.1 2023-08-23 17:33:19.180382437 -0700
@@ -6,28 +6,28 @@
cp - copy files
SYNOPSIS
- /usr/bin/cp [-Pfipz@/] source_file target_file
+ /usr/bin/cp [-PSfipz@/] source_file target_file
- /usr/bin/cp [-Pfipz@/] source_file... target
+ /usr/bin/cp [-PSfipz@/] source_file... target
- /usr/bin/cp -r [-H | -L | -P] [-fipz@/] source_dir... target
+ /usr/bin/cp -r [-H | -L | -P] [-Sfipz@/] source_dir... target
- /usr/bin/cp -R [-H | -L | -P] [-fipz@/] source_dir... target
+ /usr/bin/cp -R [-H | -L | -P] [-Sfipz@/] source_dir... target
- /usr/xpg4/bin/cp [-Pfipz@/] source_file target_file
+ /usr/xpg4/bin/cp [-PSfipz@/] source_file target_file
- /usr/xpg4/bin/cp [-Pfipz@/] source_file... target
+ /usr/xpg4/bin/cp [-PSfipz@/] source_file... target
- /usr/xpg4/bin/cp -r [-H | -L | -P] [-fipz@/] source_dir... target
+ /usr/xpg4/bin/cp -r [-H | -L | -P] [-Sfipz@/] source_dir... target
- /usr/xpg4/bin/cp -R [-H | -L | -P] [-fipz@/] source_dir... target
+ /usr/xpg4/bin/cp -R [-H | -L | -P] [-Sfipz@/] source_dir... target
DESCRIPTION
In the first synopsis form, neither source_file nor target_file are
@@ -129,6 +129,9 @@
-R Same as -r, except pipes are replicated, not read from.
+ -S Call fsync(2) on the target file's file descriptor.
+
+
-z Fast Copy. cp will reflink the source and destination files. For
more information, see the reflink(3C) man page.
@@ -330,8 +333,9 @@
+-----------------------------+-----------------------------+
SEE ALSO
- chmod(1), chown(1), utime(2), fgetattr(3C), attributes(7), environ(7),
- fsattr(7), locale(7), privileges(7), standards(7)
+ chmod(1), chown(1), fsync(1), fsync(2), utime(2), fgetattr(3C),
+ attributes(7), environ(7), fsattr(7), locale(7), privileges(7), stan-
+ dards(7)
NOTES
The permission modes of the source file are preserved in the copy.
@@ -343,4 +347,4 @@
-Oracle Solaris 11.4 3 Nov 2021 cp(1)
+Oracle Solaris 11.4 28 Mar 2023 cp(1)
diff -NurbBw 11.4.57/man1/fsync.1 11.4.60/man1/fsync.1
--- 11.4.57/man1/fsync.1 1969-12-31 16:00:00.000000000 -0800
+++ 11.4.60/man1/fsync.1 2023-08-23 17:33:19.210161492 -0700
@@ -0,0 +1,32 @@
+fsync(1) User Commands fsync(1)
+
+
+
+NAME
+ fsync - fsync paths
+
+SYNOPSIS
+ /usr/bin/fsync [path ...]
+
+DESCRIPTION
+ For each path listed open the file and call fsync(2) on the file
+ descriptor.
+
+
+ If no path is specified then fsync(2) is called on standard output.
+
+EXIT STATUS
+ The following exit values are returned:
+
+ 0 fsync(2) succeeded for every path.
+
+
+ >0 An error occurred.
+
+
+SEE ALSO
+ mv(1),fsync(2)
+
+
+
+Oracle Solaris 11.4 8 March 2023 fsync(1)
diff -NurbBw 11.4.57/man1/mv.1 11.4.60/man1/mv.1
--- 11.4.57/man1/mv.1 2023-08-23 17:32:50.274497131 -0700
+++ 11.4.60/man1/mv.1 2023-08-23 17:33:19.250915603 -0700
@@ -6,16 +6,16 @@
mv - move files
SYNOPSIS
- /usr/bin/mv [-finu] source target_file
+ /usr/bin/mv [-Sfinu] source target_file
- /usr/bin/mv [-finu] source... target_dir
+ /usr/bin/mv [-Sfinu] source... target_dir
- /usr/xpg4/bin/mv [-finu] source target_file
+ /usr/xpg4/bin/mv [-Sfinu] source target_file
- /usr/xpg4/bin/mv [-finu] source... target_dir
+ /usr/xpg4/bin/mv [-Sfinu] source... target_dir
DESCRIPTION
In the first synopsis form, the mv utility moves the file named by the
@@ -106,6 +106,17 @@
file or when the target is missing.
+ -S When moving within a file system mv opens each regular file and
+ calls fsync(2) on the file descriptor before renaming the file.
+ After the rename has been completed open the target directory and
+ run fsync(2) on that file descriptor.
+
+ When moving between file systems mv calls fsync(2) on the target
+ file's file descriptor and opens the target directory and runs
+ fsync(2) on that file descriptor before unlinking the source
+ file.
+
+
/usr/bin/mv
Specifying both the -f and the -i options is not considered an error.
The -f option overrides the -i, -n, and -u options. The -i option over-
@@ -178,8 +189,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- cp(1), cpio(1), ln(1), rm(1), chmod(2), attributes(7), environ(7),
- fsattr(7), privileges(7), standards(7)
+ cp(1), cpio(1), fsync(1), ln(1), rm(1), chmod(2), fsync(2),
+ attributes(7), environ(7), fsattr(7), privileges(7), standards(7)
NOTES
A -- permits the user to mark explicitly the end of any command line
@@ -200,4 +211,4 @@
-Oracle Solaris 11.4 3 Nov 2021 mv(1)
+Oracle Solaris 11.4 28 Mar 2023 mv(1)
diff -NurbBw 11.4.57/man1/passwd.1 11.4.60/man1/passwd.1
--- 11.4.57/man1/passwd.1 2023-08-23 17:32:50.320930450 -0700
+++ 11.4.60/man1/passwd.1 2023-08-23 17:33:19.295018894 -0700
@@ -814,6 +814,11 @@
Solaris 11.1.17 and a Solaris 10 patch.
+ The solaris.passwd.nocheck authorization was added in Solaris 11.1.0.
+ Prior to that, password complexity checks were skipped if passwd was
+ run by a user with a user id of 0.
+
+
Support for NIS+, including the -D option, and the nisplus repository
argument for the -r option, was removed in Solaris 11.0.0.
@@ -854,4 +859,4 @@
-Oracle Solaris 11.4 3 Nov 2021 passwd(1)
+Oracle Solaris 11.4 15 Mar 2023 passwd(1)
diff -NurbBw 11.4.57/man1/pkgtrans.1 11.4.60/man1/pkgtrans.1
--- 11.4.57/man1/pkgtrans.1 2023-08-23 17:32:50.352645787 -0700
+++ 11.4.60/man1/pkgtrans.1 2023-08-23 17:33:19.326163490 -0700
@@ -6,7 +6,7 @@
pkgtrans - translate package format
SYNOPSIS
- pkgtrans [-inosg] [-k keystore] [-a alias] [-P passwd] device1 device2
+ pkgtrans [-inos] device1 device2
[pkginst]...
DESCRIPTION
@@ -16,9 +16,6 @@
o a file system format to a datastream
- o a file system format to a signed datastream
-
-
o a datastream to a file system format
@@ -28,52 +25,22 @@
OPTIONS
The options and arguments for this command are:
- -a alias Use public key certificate associated with friendlyName
- alias, and the corresponding private key. See KEYSTORE
- LOCATIONS and KEYSTORE AND CERTIFICATE FORMATS in
- pkgadd(8) for more information.
-
-
- -g Sign resulting datastream.
-
-
-i Copies only the pkginfo(5) and pkgmap(5) files.
- -k keystore Use keystore to retrieve private key used to generate
- signature. If it not specified, default locations are
- searched to find the specified private key specified by
- -a. If no alias is given, and multiple keys exist in the
- key store, pkgtrans will abort. See KEYSTORE LOCATIONS
- and KEYSTORE AND CERTIFICATE FORMATS in pkgadd(8) for
- more information on search locations and formats.
-
- When running as a user other than root, the default base
- directory for certificate searching is ~/.pkg/security,
- where ~ is the home directory of the user invoking pkg-
- trans.
-
-
- -n Creates a new instance of the package on the destination
- device if any instance of this package already exists,
- up to the number specified by the MAXINST variable in
- the pkginfo(5) file.
+ -n Creates a new instance of the package on the destination device
+ if any instance of this package already exists, up to the number
+ specified by the MAXINST variable in the pkginfo(5) file.
- -o Overwrites the same instance on the destination device.
- Package instance will be overwritten if it already
- exists.
+ -o Overwrites the same instance on the destination device. Package
+ instance will be overwritten if it already exists.
- -P passwd Supply password used to decrypt the keystore. See PASS
- PHRASE ARGUMENTS in pkgadd(8) for details on the syntax
- of the argument to this option.
-
-
- -s Indicates that the package should be written to device2
- as a datastream rather than as a file system. The
- default behavior is to write a file system format on
- devices that support both formats.
+ -s Indicates that the package should be written to device2 as a
+ datastream rather than as a file system. The default behavior is
+ to write a file system format on devices that support both for-
+ mats.
OPERANDS
@@ -135,19 +102,7 @@
example% pkgtrans -s /tmp /tmp/datastream.pkg pkg1 pkg2
- Example 2 Creating a Signed Package
-
-
-
- The following example creates a signed package from pkg1 and pkg2, and
- reads the password from the $PASS environment variable:
-
-
- example% pkgtrans -sg -k /tmp/keystore.p12 -a foo \
- -p env:PASS /tmp /tmp/signedpkg pkg1 pkg2
-
-
- Example 3 Translating a Package Datastream
+ Example 2 Translating a Package Datastream
@@ -199,4 +154,4 @@
-Oracle Solaris 11.4 4 Feb 2015 pkgtrans(1)
+Oracle Solaris 11.4 12 Jan 2023 pkgtrans(1)
diff -NurbBw 11.4.57/man1/radadrgen.1 11.4.60/man1/radadrgen.1
--- 11.4.57/man1/radadrgen.1 2023-08-23 17:32:50.382901961 -0700
+++ 11.4.60/man1/radadrgen.1 2023-08-23 17:33:19.356964242 -0700
@@ -7,7 +7,7 @@
SYNOPSIS
radadrgen [-kv] [-d directory] [-J legacy|camel]
- -l c|java|python|python37|python39 -s client|server adr
+ -l c|java|python|python37|python39|python311 -s client|server adr
radadrgen [-h]
@@ -39,8 +39,8 @@
fied, radadrgen will over-write the existing output files.
- -l c|java|python|python37|python39,
- --language c|java|python|python37|python39
+ -l c|java|python|python37|python39|python311,
+ --language c|java|python|python37|python39|python311
Specifies the language for which bindings should be generated. The
list of supported languages (for both client and server side) is
@@ -171,6 +171,10 @@
attributes(7), rad(8)
HISTORY
+ The python311 argument for the -l and --language options was added in
+ Oracle Solaris 11.4.60.
+
+
The python39 argument for the -l and --language options was added in
Oracle Solaris 11.4.51.
@@ -202,4 +206,4 @@
-Oracle Solaris 11.4 29 Nov 2022 radadrgen(1)
+Oracle Solaris 11.4 29 Mar 2023 radadrgen(1)
diff -NurbBw 11.4.57/man2/swapctl.2 11.4.60/man2/swapctl.2
--- 11.4.57/man2/swapctl.2 2023-08-23 17:32:50.414432762 -0700
+++ 11.4.60/man2/swapctl.2 2023-08-23 17:33:19.392516576 -0700
@@ -23,6 +23,13 @@
+ When SC_ADD or SC_REMOVE are specified the SC_PERSIST flag can be added
+ with a bitwise-OR with the command
+
+ SC_PERSIST /* Make the change permanent over reboots */
+
+
+
When SC_ADD or SC_REMOVE is specified, arg is a pointer to a swapres
structure containing the following members:
@@ -39,6 +46,11 @@
added.
+ When adding or removing ZFS volumes if SC_PERSIST is specified then
+ update the kvol_swap property of the ZFS volume so the change persists
+ across reboots.
+
+
When SC_LIST is specified, arg is a pointer to a swaptable structure
containing the following members:
@@ -77,6 +89,14 @@
The SC_ADD and SC_REMOVE functions will fail if calling process does
not have appropriate privileges.
+
+ The behaviour when SC_PERSIST is set and SC_ADD or SC_REMOVE is not set
+ is undefined.
+
+
+ The behaviour when SC_PERSIST and the swap device is not a ZFS volume
+ is undefined.
+
RETURN VALUES
Upon successful completion, the function swapctl() returns a value of 0
for SC_ADD or SC_REMOVE, the number of struct swapent entries actually
@@ -228,4 +248,4 @@
-Oracle Solaris 11.4 24 Mar 2020 swapctl(2)
+Oracle Solaris 11.4 25 February 2023 swapctl(2)
diff -NurbBw 11.4.57/man3c/core_get_process_content.3c 11.4.60/man3c/core_get_process_content.3c
--- 11.4.57/man3c/core_get_process_content.3c 2023-08-23 17:32:50.448685984 -0700
+++ 11.4.60/man3c/core_get_process_content.3c 2023-08-23 17:33:19.427155308 -0700
@@ -9,7 +9,7 @@
process core file control
SYNOPSIS
- #include <corectl.h>
+ #include <sys/corectl.h>
int core_set_process_content(const core_content_t *content, pid_t pid);
@@ -255,5 +255,5 @@
-Oracle Solaris 11.4 23 Jan 2023
+Oracle Solaris 11.4 3 May 2023
core_set_process_content(3C)
diff -NurbBw 11.4.57/man3c/core_get_process_path.3c 11.4.60/man3c/core_get_process_path.3c
--- 11.4.57/man3c/core_get_process_path.3c 2023-08-23 17:32:50.480975070 -0700
+++ 11.4.60/man3c/core_get_process_path.3c 2023-08-23 17:33:19.462958410 -0700
@@ -9,7 +9,7 @@
process core file control
SYNOPSIS
- #include <corectl.h>
+ #include <sys/corectl.h>
int core_set_process_content(const core_content_t *content, pid_t pid);
@@ -255,5 +255,5 @@
-Oracle Solaris 11.4 23 Jan 2023
+Oracle Solaris 11.4 3 May 2023
core_set_process_content(3C)
diff -NurbBw 11.4.57/man3c/core_set_process_content.3c 11.4.60/man3c/core_set_process_content.3c
--- 11.4.57/man3c/core_set_process_content.3c 2023-08-23 17:32:50.512289015 -0700
+++ 11.4.60/man3c/core_set_process_content.3c 2023-08-23 17:33:19.501903057 -0700
@@ -9,7 +9,7 @@
process core file control
SYNOPSIS
- #include <corectl.h>
+ #include <sys/corectl.h>
int core_set_process_content(const core_content_t *content, pid_t pid);
@@ -255,5 +255,5 @@
-Oracle Solaris 11.4 23 Jan 2023
+Oracle Solaris 11.4 3 May 2023
core_set_process_content(3C)
diff -NurbBw 11.4.57/man3c/core_set_process_path.3c 11.4.60/man3c/core_set_process_path.3c
--- 11.4.57/man3c/core_set_process_path.3c 2023-08-23 17:32:50.546902097 -0700
+++ 11.4.60/man3c/core_set_process_path.3c 2023-08-23 17:33:19.535363334 -0700
@@ -9,7 +9,7 @@
process core file control
SYNOPSIS
- #include <corectl.h>
+ #include <sys/corectl.h>
int core_set_process_content(const core_content_t *content, pid_t pid);
@@ -255,5 +255,5 @@
-Oracle Solaris 11.4 23 Jan 2023
+Oracle Solaris 11.4 3 May 2023
core_set_process_content(3C)
diff -NurbBw 11.4.57/man3ext/tsalarm_get.3ext 11.4.60/man3ext/tsalarm_get.3ext
--- 11.4.57/man3ext/tsalarm_get.3ext 2023-08-23 17:32:50.579728974 -0700
+++ 11.4.60/man3ext/tsalarm_get.3ext 2023-08-23 17:33:19.566114300 -0700
@@ -196,6 +196,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
|MT-Level |Safe |
@@ -206,4 +208,4 @@
-Oracle Solaris 11.4 4 Sep 2007 tsalarm_get(3EXT)
+Oracle Solaris 11.4 14 Jun 2023 tsalarm_get(3EXT)
diff -NurbBw 11.4.57/man3ext/tsalarm_set.3ext 11.4.60/man3ext/tsalarm_set.3ext
--- 11.4.57/man3ext/tsalarm_set.3ext 2023-08-23 17:32:50.612656373 -0700
+++ 11.4.60/man3ext/tsalarm_set.3ext 2023-08-23 17:33:19.597587329 -0700
@@ -196,6 +196,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
|MT-Level |Safe |
@@ -206,4 +208,4 @@
-Oracle Solaris 11.4 4 Sep 2007 tsalarm_get(3EXT)
+Oracle Solaris 11.4 14 Jun 2023 tsalarm_get(3EXT)
diff -NurbBw 11.4.57/man3lib/atm_cas.3lib 11.4.60/man3lib/atm_cas.3lib
--- 11.4.57/man3lib/atm_cas.3lib 2023-08-23 17:32:50.680613193 -0700
+++ 11.4.60/man3lib/atm_cas.3lib 2023-08-23 17:33:19.657294766 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/attr_get.3lib 11.4.60/man3lib/attr_get.3lib
--- 11.4.57/man3lib/attr_get.3lib 2023-08-23 17:32:50.736207265 -0700
+++ 11.4.60/man3lib/attr_get.3lib 2023-08-23 17:33:19.710802755 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/cflush.3lib 11.4.60/man3lib/cflush.3lib
--- 11.4.57/man3lib/cflush.3lib 2023-08-23 17:32:50.789304578 -0700
+++ 11.4.60/man3lib/cflush.3lib 2023-08-23 17:33:19.764672998 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/close_fb.3lib 11.4.60/man3lib/close_fb.3lib
--- 11.4.57/man3lib/close_fb.3lib 2023-08-23 17:32:50.845462239 -0700
+++ 11.4.60/man3lib/close_fb.3lib 2023-08-23 17:33:19.818288273 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/cmi_ctl.3lib 11.4.60/man3lib/cmi_ctl.3lib
--- 11.4.57/man3lib/cmi_ctl.3lib 2023-08-23 17:32:50.900840086 -0700
+++ 11.4.60/man3lib/cmi_ctl.3lib 2023-08-23 17:33:19.872088082 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/cmi_enb.3lib 11.4.60/man3lib/cmi_enb.3lib
--- 11.4.57/man3lib/cmi_enb.3lib 2023-08-23 17:32:50.957057648 -0700
+++ 11.4.60/man3lib/cmi_enb.3lib 2023-08-23 17:33:19.926953677 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/cmi_get_error.3lib 11.4.60/man3lib/cmi_get_error.3lib
--- 11.4.57/man3lib/cmi_get_error.3lib 2023-08-23 17:32:51.108527159 -0700
+++ 11.4.60/man3lib/cmi_get_error.3lib 2023-08-23 17:33:19.983293956 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/cmi_ini.3lib 11.4.60/man3lib/cmi_ini.3lib
--- 11.4.57/man3lib/cmi_ini.3lib 2023-08-23 17:32:51.163434361 -0700
+++ 11.4.60/man3lib/cmi_ini.3lib 2023-08-23 17:33:20.046247579 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/evt_get.3lib 11.4.60/man3lib/evt_get.3lib
--- 11.4.57/man3lib/evt_get.3lib 2023-08-23 17:32:51.217258912 -0700
+++ 11.4.60/man3lib/evt_get.3lib 2023-08-23 17:33:20.101449760 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/evt_ret.3lib 11.4.60/man3lib/evt_ret.3lib
--- 11.4.57/man3lib/evt_ret.3lib 2023-08-23 17:32:51.272636610 -0700
+++ 11.4.60/man3lib/evt_ret.3lib 2023-08-23 17:33:20.156921404 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/fini.3lib 11.4.60/man3lib/fini.3lib
--- 11.4.57/man3lib/fini.3lib 2023-08-23 17:32:51.328671181 -0700
+++ 11.4.60/man3lib/fini.3lib 2023-08-23 17:33:20.211863755 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/flush_fb.3lib 11.4.60/man3lib/flush_fb.3lib
--- 11.4.57/man3lib/flush_fb.3lib 2023-08-23 17:32:51.380351791 -0700
+++ 11.4.60/man3lib/flush_fb.3lib 2023-08-23 17:33:20.266811637 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/ini_th.3lib 11.4.60/man3lib/ini_th.3lib
--- 11.4.57/man3lib/ini_th.3lib 2023-08-23 17:32:51.442542524 -0700
+++ 11.4.60/man3lib/ini_th.3lib 2023-08-23 17:33:20.323370472 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/libcmi.3lib 11.4.60/man3lib/libcmi.3lib
--- 11.4.57/man3lib/libcmi.3lib 2023-08-23 17:32:51.497351845 -0700
+++ 11.4.60/man3lib/libcmi.3lib 2023-08-23 17:33:20.375661882 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/libfjcmi.3lib 11.4.60/man3lib/libfjcmi.3lib
--- 11.4.57/man3lib/libfjcmi.3lib 2023-08-23 17:32:51.529388769 -0700
+++ 11.4.60/man3lib/libfjcmi.3lib 2023-08-23 17:33:20.406239754 -0700
@@ -120,6 +120,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
|Availability |system/fjcmi |
@@ -132,4 +134,4 @@
-Oracle Solaris 11.4 10 Mar 2016 libfjcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libfjcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/libpam.3lib 11.4.60/man3lib/libpam.3lib
--- 11.4.57/man3lib/libpam.3lib 2023-08-23 17:32:51.561506155 -0700
+++ 11.4.60/man3lib/libpam.3lib 2023-08-23 17:33:20.438937521 -0700
@@ -11,7 +11,7 @@
DESCRIPTION
Functions in this library provide routines for the Pluggable Authenti-
- cation Module (PAM).
+ cation Module (PAM) framework.
INTERFACES
The shared object libpam.so.1 provides the public interfaces defined
@@ -33,63 +33,73 @@
FILES
/lib/libpam.so.1
- shared object
+ 32-bit shared object
- /etc/pam.conf
+ /lib/64/libpam.so.1
- configuration file
+ 64-bit shared object
- /etc/pam.d/service
+ /etc/pam.conf
- alternate PAM configuration files
+ global configuration file, see pam.conf(5)
- /usr/lib/security/pam_dial_auth.so.1
+ /etc/pam.d/service
- authentication management PAM module for dialups
+ per-service PAM configuration files, see pam.d(5)
- /usr/lib/security/pam_rhosts_auth.so.1
+ /usr/lib/security/pam_*.so.1
- authentication management PAM modules that use ruserok()
+ 32-bit PAM modules
- /usr/lib/security/pam_sample.so.1
+ /usr/lib/security/64/pam_*.so.1
- sample PAM module
+ 64-bit PAM modules
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Availability |system/library |
+ |Availability |system/library/pam-core |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
-SEE ALSO
- pvs(1), pam(3PAM), intro(3), pam.conf(5), attributes(7), pam_auth-
- tok_check(7), pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
- pam_dial_auth(7), pam_passwd_auth(7), pam_rhosts_auth(7), pam_sam-
- ple(7), pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7),
- pam_user_policy(7)
-NOTES
The functions in libpam are MT-Safe only if each thread within the mul-
tithreaded application uses its own PAM handle.
+SEE ALSO
+ intro(3), pam(3PAM), pam_sm(3PAM), pam.conf(5), attributes(7), pam_sam-
+ ple(7), pam_user_policy(7)
+
+ Chapter 3, Writing PAM Applications and Services in Developer's Guide
+ to Oracle Solaris 11.4 Security
+
+NOTES
The pam_unix(7) module is no longer supported. Similar functionality is
provided by pam_authtok_check(7), pam_authtok_get(7), pam_auth-
tok_store(7), pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
pam_unix_auth(7), and pam_unix_session(7).
+HISTORY
+ The libpam.so.1 library was introduced in the Solaris 2.6 release. It
+ was moved from /usr/lib to /lib in the Solaris 10 release.
+
+
+ See the man pages for each function or module for its history.
+
-Oracle Solaris 11.4 22 May 2012 libpam(3LIB)
+Oracle Solaris 11.4 15 Mar 2023 libpam(3LIB)
diff -NurbBw 11.4.57/man3lib/libtsalarm.3lib 11.4.60/man3lib/libtsalarm.3lib
--- 11.4.57/man3lib/libtsalarm.3lib 2023-08-23 17:32:51.592753683 -0700
+++ 11.4.60/man3lib/libtsalarm.3lib 2023-08-23 17:33:20.472820254 -0700
@@ -36,6 +36,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/library/platform |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -48,4 +50,4 @@
-Oracle Solaris 11.4 4 Sep 2007 libtsalarm(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libtsalarm(3LIB)
diff -NurbBw 11.4.57/man3lib/mb_fn.3lib 11.4.60/man3lib/mb_fn.3lib
--- 11.4.57/man3lib/mb_fn.3lib 2023-08-23 17:32:51.649398632 -0700
+++ 11.4.60/man3lib/mb_fn.3lib 2023-08-23 17:33:20.526402872 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/open_fb.3lib 11.4.60/man3lib/open_fb.3lib
--- 11.4.57/man3lib/open_fb.3lib 2023-08-23 17:32:51.703909915 -0700
+++ 11.4.60/man3lib/open_fb.3lib 2023-08-23 17:33:20.580757987 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/rmb_fn.3lib 11.4.60/man3lib/rmb_fn.3lib
--- 11.4.57/man3lib/rmb_fn.3lib 2023-08-23 17:32:51.762027460 -0700
+++ 11.4.60/man3lib/rmb_fn.3lib 2023-08-23 17:33:20.639065513 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/rseg_del.3lib 11.4.60/man3lib/rseg_del.3lib
--- 11.4.57/man3lib/rseg_del.3lib 2023-08-23 17:32:51.817685426 -0700
+++ 11.4.60/man3lib/rseg_del.3lib 2023-08-23 17:33:20.693932099 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/seg_at.3lib 11.4.60/man3lib/seg_at.3lib
--- 11.4.57/man3lib/seg_at.3lib 2023-08-23 17:32:51.874942064 -0700
+++ 11.4.60/man3lib/seg_at.3lib 2023-08-23 17:33:20.745761733 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/seg_ctl.3lib 11.4.60/man3lib/seg_ctl.3lib
--- 11.4.57/man3lib/seg_ctl.3lib 2023-08-23 17:32:51.928802175 -0700
+++ 11.4.60/man3lib/seg_ctl.3lib 2023-08-23 17:33:20.800949036 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/seg_dt.3lib 11.4.60/man3lib/seg_dt.3lib
--- 11.4.57/man3lib/seg_dt.3lib 2023-08-23 17:32:51.982951537 -0700
+++ 11.4.60/man3lib/seg_dt.3lib 2023-08-23 17:33:20.855571496 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/seg_exp.3lib 11.4.60/man3lib/seg_exp.3lib
--- 11.4.57/man3lib/seg_exp.3lib 2023-08-23 17:32:52.040760117 -0700
+++ 11.4.60/man3lib/seg_exp.3lib 2023-08-23 17:33:20.914151064 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/seg_get.3lib 11.4.60/man3lib/seg_get.3lib
--- 11.4.57/man3lib/seg_get.3lib 2023-08-23 17:32:52.096070967 -0700
+++ 11.4.60/man3lib/seg_get.3lib 2023-08-23 17:33:20.969011915 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/seg_imp.3lib 11.4.60/man3lib/seg_imp.3lib
--- 11.4.57/man3lib/seg_imp.3lib 2023-08-23 17:32:52.151266385 -0700
+++ 11.4.60/man3lib/seg_imp.3lib 2023-08-23 17:33:21.089320127 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/tok_del.3lib 11.4.60/man3lib/tok_del.3lib
--- 11.4.57/man3lib/tok_del.3lib 2023-08-23 17:32:52.209948872 -0700
+++ 11.4.60/man3lib/tok_del.3lib 2023-08-23 17:33:21.146150359 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/tok_new.3lib 11.4.60/man3lib/tok_new.3lib
--- 11.4.57/man3lib/tok_new.3lib 2023-08-23 17:32:52.264446058 -0700
+++ 11.4.60/man3lib/tok_new.3lib 2023-08-23 17:33:21.205770781 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3lib/wmb_fn.3lib 11.4.60/man3lib/wmb_fn.3lib
--- 11.4.57/man3lib/wmb_fn.3lib 2023-08-23 17:32:52.318977920 -0700
+++ 11.4.60/man3lib/wmb_fn.3lib 2023-08-23 17:33:21.259929278 -0700
@@ -1671,6 +1671,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/cmi |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -1683,4 +1685,4 @@
-Oracle Solaris 11.4 11 May 2021 libcmi(3LIB)
+Oracle Solaris 11.4 14 Jun 2023 libcmi(3LIB)
diff -NurbBw 11.4.57/man3pam/pam_acct_mgmt.3pam 11.4.60/man3pam/pam_acct_mgmt.3pam
--- 11.4.57/man3pam/pam_acct_mgmt.3pam 2023-08-23 17:32:52.349920171 -0700
+++ 11.4.60/man3pam/pam_acct_mgmt.3pam 2023-08-23 17:33:21.291862487 -0700
@@ -76,11 +76,11 @@
PAM_LOGINS_DISABLED Logins for non-root/maintenance users are dis-
abled due to the presence of the /etc/nologin
- file. See nologin(5)
+ file. See nologin(5).
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -91,14 +91,21 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), nolo-
gin(5), attributes(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ Support for checking for /etc/nologin in pam_acct_mgmt() and the
+ PAM_LOGINS_DISABLED return value was added in Solaris 11.2.0.
+
+
+ The pam_acct_mgmt() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 3 Nov 2021 pam_acct_mgmt(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_acct_mgmt(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_authenticate.3pam 11.4.60/man3pam/pam_authenticate.3pam
--- 11.4.57/man3pam/pam_authenticate.3pam 2023-08-23 17:32:52.386789000 -0700
+++ 11.4.60/man3pam/pam_authenticate.3pam 2023-08-23 17:33:21.324257725 -0700
@@ -16,7 +16,7 @@
user. The user is usually required to enter a password or similar
authentication token depending upon the authentication service config-
ured within the system. The user in question should have been specified
- by a prior call to pam_start() or pam_set_item().
+ by a prior call to pam_start(3PAM) or pam_set_item(3PAM).
The following flags may be set in the flags field:
@@ -56,7 +56,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -67,6 +67,10 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_open_session(3PAM), pam_set_item(3PAM),
pam_setcred(3PAM), pam_start(3PAM), attributes(7)
@@ -100,10 +104,9 @@
For security reasons, pam_authenticate() clears the PAM_AUTHTOK item in
the PAM handle prior to returning to the application.
-
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_authenticate() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 16 Mar 2016 pam_authenticate(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_authenticate(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_chauthtok.3pam 11.4.60/man3pam/pam_chauthtok.3pam
--- 11.4.57/man3pam/pam_chauthtok.3pam 2023-08-23 17:32:52.429235047 -0700
+++ 11.4.60/man3pam/pam_chauthtok.3pam 2023-08-23 17:33:21.354063487 -0700
@@ -69,7 +69,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -80,9 +80,13 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
pam(3PAM), login(1), passwd(1), pam_start(3PAM), pam_authenti-
- cate(3PAM), attributes
+ cate(3PAM), attributes(7), pam_authtok_check(7)
NOTES
The flag PAM_CHANGE_EXPIRED_AUTHTOK is typically used by a login appli-
@@ -103,17 +107,24 @@
The flag PAM_NO_AUTHTOK_CHECK is typically used by programs that allow
an administrator to bypass various password conformance checks when
- setting a password for a user.
+ setting a password for a user. The passwd(1) command only sets this
+ flag if the user has the solaris.passwd.nocheck authorization. The
+ attributes(7) module ignores the PAM_NO_AUTHTOK_CHECK flag if the
+ force_check option is specified in the module entry in the PAM configu-
+ ration.
For security reasons, pam_chauthtok() clears the PAM_AUTHTOK and
PAM_OLDAUTHTOK items in the PAM handle prior to returning to the call-
ing application.
+HISTORY
+ The PAM_NO_AUTHTOK_CHECK flag was added in the Oracle Solaris 11.0.0
+ release.
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+
+ The pam_chauthtok() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 16 Mar 2016 pam_chauthtok(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_chauthtok(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_close_session.3pam 11.4.60/man3pam/pam_close_session.3pam
--- 11.4.57/man3pam/pam_close_session.3pam 2023-08-23 17:32:52.471601122 -0700
+++ 11.4.60/man3pam/pam_close_session.3pam 2023-08-23 17:33:21.386086705 -0700
@@ -42,7 +42,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -53,15 +53,19 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
getutxent(3C), pam(3PAM), pam_acct_mgmt(3PAM), pam_authenticate(3PAM),
- pam_start(3PAM), attributes(7)
+ pam_start(3PAM), attributes(7), pam_unix_session(7)
NOTES
In many instances, the pam_open_session() and pam_close_session() calls
- may be made by different processes. For example, in UNIX the login
- process opens a session, while the init process closes the session. In
- this case, UTMP/WTMP entries may be used to link the call to
+ may be made by different processes. For example, for console logins the
+ login process opens a session, while the init process closes the ses-
+ sion. In this case, UTMP/WTMP entries may be used to link the call to
pam_close_session() with an earlier call to pam_open_session(). This is
possible because UTMP/WTMP entries are uniquely identified by a combi-
nation of attributes, including the user login name and device name,
@@ -69,10 +73,10 @@
pam_open_session() should precede UTMP/WTMP entry management, and the
call to pam_close_session() should follow UTMP/WTMP exit management.
-
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_open_session() and pam_close_session() functions were intro-
+ duced in Solaris 2.6.
-Oracle Solaris 11.4 13 Oct 1998 pam_open_session(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_open_session(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_end.3pam 11.4.60/man3pam/pam_end.3pam
--- 11.4.57/man3pam/pam_end.3pam 2023-08-23 17:32:52.503952688 -0700
+++ 11.4.60/man3pam/pam_end.3pam 2023-08-23 17:33:21.415769962 -0700
@@ -125,7 +125,7 @@
Refer to the RETURN VALUES section on pam(3PAM).
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -136,6 +136,10 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM), pam_authenticate(3PAM),
pam_chauthtok(3PAM), pam_open_session(3PAM), pam_set_data(3PAM),
@@ -144,10 +148,9 @@
Developer's Guide to Oracle Solaris 11.4 Security
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_start() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 16 Jun 2011 pam_start(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_start(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_eval.3pam 11.4.60/man3pam/pam_eval.3pam
--- 11.4.57/man3pam/pam_eval.3pam 2023-08-23 17:32:52.542835999 -0700
+++ 11.4.60/man3pam/pam_eval.3pam 2023-08-23 17:33:21.446441495 -0700
@@ -50,7 +50,7 @@
PAM_AUTH_ERR, for the auth stack).
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -61,14 +61,17 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam.conf(5),
attributes(7), pam_user_policy(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_eval() function was introduced in Solaris 11.1.0.
-Oracle Solaris 11.4 28 Mar 2012 pam_eval(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_eval(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_get_data.3pam 11.4.60/man3pam/pam_get_data.3pam
--- 11.4.57/man3pam/pam_get_data.3pam 2023-08-23 17:32:52.574362447 -0700
+++ 11.4.60/man3pam/pam_get_data.3pam 2023-08-23 17:33:21.478152459 -0700
@@ -9,6 +9,7 @@
SYNOPSIS
cc [ flag ... ] file ... -lpam [ library ... ]
#include <security/pam_appl.h>
+ #include <security/pam_modules.h>
int pam_set_data(pam_handle_t *pamh,
const char *module_data_name, void *data,
@@ -59,7 +60,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -70,13 +71,17 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
-SEE ALSO
- libpam(3LIB), pam(3PAM), pam_end(3PAM), attributes(7)
-NOTES
The interfaces in libpam are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
+SEE ALSO
+ libpam(3LIB), pam(3PAM), pam_end(3PAM), attributes(7)
+
+HISTORY
+ The pam_set_data() and pam_get_data() functions were introduced in
+ Solaris 2.6.
+
-Oracle Solaris 11.4 16 Jun 2011 pam_set_data(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_set_data(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_get_item.3pam 11.4.60/man3pam/pam_get_item.3pam
--- 11.4.57/man3pam/pam_get_item.3pam 2023-08-23 17:32:52.607962251 -0700
+++ 11.4.60/man3pam/pam_get_item.3pam 2023-08-23 17:33:21.511805426 -0700
@@ -42,11 +42,11 @@
PAM_RESOURCE A semicolon-separated list of key=value pairs that
- represent the set of resource controls for applica-
- tion by pam_setcred(3PAM) or pam_open_session(3PAM).
- See the individual service module definitions, such
- as pam_unix_cred(7), for interpretations of the keys
- and values.
+ represent the set of resource controls to be set for
+ the application by pam_setcred(3PAM) or
+ pam_open_session(3PAM). See the individual service
+ module definitions, such as pam_unix_cred(7), for
+ interpretations of the keys and values.
PAM_RHOST The remote host name.
@@ -64,7 +64,7 @@
PAM_USER The user name.
- PAM_USER_PROMPT The default prompt used by pam_get_user().
+ PAM_USER_PROMPT The default prompt used by pam_get_user(3PAM).
PAM_REPOSITORY The repository that contains the authentication
@@ -121,7 +119,7 @@
return values.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -153,6 +151,31 @@
from a source other than pam_authenticate(3PAM). Such sources could be
sshd host-based authentication, kerberized rlogin, and su(8).
+HISTORY
+ The pam_set_item() and pam_get_item() functions were introduced in
+ Solaris 2.6.
+
+
+ Support for the following item types is available in Solaris starting
+ with the listed release:
+
+
+ +-------------------------------------------------+-------------------+
+ | ITEM TYPE | RELEASE |
+ +-------------------------------------------------+-------------------+
+ |PAM_DISPLAY |11.2.0 |
+ +-------------------------------------------------+-------------------+
+ |PAM_AUSER |10 8/08 (Update 6) |
+ +-------------------------------------------------+-------------------+
+ |PAM_RESOURCE |10 3/05 |
+ +-------------------------------------------------+-------------------+
+ |PAM_REPOSITORY |8 10/01 (Update 6) |
+ +-------------------------------------------------+-------------------+
+ |PAM_AUTHTOK, PAM_CONV, PAM_OLDAUTHTOK, |2.6 |
+ |PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, | |
+ |PAM_USER, PAM_USER_PROMPT | |
+ +-------------------------------------------------+-------------------+
+
-Oracle Solaris 11.4 31 Oct 2006 pam_set_item(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_set_item(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_get_user.3pam 11.4.60/man3pam/pam_get_user.3pam
--- 11.4.57/man3pam/pam_get_user.3pam 2023-08-23 17:32:52.640512342 -0700
+++ 11.4.60/man3pam/pam_get_user.3pam 2023-08-23 17:33:21.543183050 -0700
@@ -9,19 +9,17 @@
cc [ flag ... ] file ... -lpam [ library ... ]
#include <security/pam_appl.h>
-
-
int pam_get_user(pam_handle_t *pamh, char **user,
const char *prompt);
DESCRIPTION
The pam_get_user() function is used by PAM service modules to retrieve
the current user name from the PAM handle. If the user name has not
- been set with pam_start() or pam_set_item(), the PAM conversation func-
- tion will be used to prompt the user for the user name with the string
- "prompt". If prompt is NULL, then pam_get_item() is called and the
- value of PAM_USER_PROMPT is used for prompting. If the value of
- PAM_USER_PROMPT is NULL, the following default prompt is used:
+ been set with pam_start(3PAM) or pam_set_item(3PAM), the PAM conversa-
+ tion function will be used to prompt the user for the user name with
+ the given prompt string. If prompt is NULL, then pam_get_item() is
+ called and the value of PAM_USER_PROMPT is used for prompting. If the
+ value of PAM_USER_PROMPT is NULL, the following default prompt is used:
Please enter user name:
@@ -31,8 +29,8 @@
pam_set_item() is called to set the value of PAM_USER. By convention,
applications that need to prompt for a user name should call
pam_set_item() and set the value of PAM_USER_PROMPT before calling
- pam_authenticate(). The service module's pam_sm_authenticate() function
- will then call pam_get_user() to prompt for the user name.
+ pam_authenticate(3PAM). The service module's pam_sm_authenticate(3PAM)
+ function will then call pam_get_user() to prompt for the user name.
Note that certain PAM service modules, such as a smartcard module, may
@@ -49,7 +47,7 @@
return values.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -60,15 +58,18 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
pam(3PAM), pam_authenticate(3PAM), pam_end(3PAM), pam_get_item(3PAM),
pam_set_item(3PAM), pam_sm(3PAM), pam_sm_authenticate(3PAM),
pam_start(3PAM), attributes(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_get_user() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 11 May 2021 pam_get_user(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_get_user(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_getenv.3pam 11.4.60/man3pam/pam_getenv.3pam
--- 11.4.57/man3pam/pam_getenv.3pam 2023-08-23 17:32:52.671830281 -0700
+++ 11.4.60/man3pam/pam_getenv.3pam 2023-08-23 17:33:21.574348727 -0700
@@ -35,14 +35,17 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_getenvlist(3PAM), pam_putenv(3PAM),
attributes(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_getenv() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 13 Oct 1998 pam_getenv(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_getenv(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_getenvlist.3pam 11.4.60/man3pam/pam_getenvlist.3pam
--- 11.4.57/man3pam/pam_getenvlist.3pam 2023-08-23 17:32:52.703155310 -0700
+++ 11.4.60/man3pam/pam_getenvlist.3pam 2023-08-23 17:33:21.606461725 -0700
@@ -37,14 +37,17 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_getenv(3PAM), pam_putenv(3PAM),
attributes(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_getenvlist() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 13 Oct 1998 pam_getenvlist(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_getenvlist(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_open_session.3pam 11.4.60/man3pam/pam_open_session.3pam
--- 11.4.57/man3pam/pam_open_session.3pam 2023-08-23 17:32:52.733598197 -0700
+++ 11.4.60/man3pam/pam_open_session.3pam 2023-08-23 17:33:21.637023651 -0700
@@ -42,7 +42,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -53,15 +53,19 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
getutxent(3C), pam(3PAM), pam_acct_mgmt(3PAM), pam_authenticate(3PAM),
- pam_start(3PAM), attributes(7)
+ pam_start(3PAM), attributes(7), pam_unix_session(7)
NOTES
In many instances, the pam_open_session() and pam_close_session() calls
- may be made by different processes. For example, in UNIX the login
- process opens a session, while the init process closes the session. In
- this case, UTMP/WTMP entries may be used to link the call to
+ may be made by different processes. For example, for console logins the
+ login process opens a session, while the init process closes the ses-
+ sion. In this case, UTMP/WTMP entries may be used to link the call to
pam_close_session() with an earlier call to pam_open_session(). This is
possible because UTMP/WTMP entries are uniquely identified by a combi-
nation of attributes, including the user login name and device name,
@@ -69,10 +73,10 @@
pam_open_session() should precede UTMP/WTMP entry management, and the
call to pam_close_session() should follow UTMP/WTMP exit management.
-
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_open_session() and pam_close_session() functions were intro-
+ duced in Solaris 2.6.
-Oracle Solaris 11.4 13 Oct 1998 pam_open_session(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_open_session(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_putenv.3pam 11.4.60/man3pam/pam_putenv.3pam
--- 11.4.57/man3pam/pam_putenv.3pam 2023-08-23 17:32:52.763561535 -0700
+++ 11.4.60/man3pam/pam_putenv.3pam 2023-08-23 17:33:21.666322945 -0700
@@ -13,8 +13,8 @@
DESCRIPTION
The pam_putenv() function sets the value of the PAM environment vari-
- able name equal to value either by altering an existing PAM variable or
- by creating a new one.
+ able name to be equal to value either by altering an existing PAM vari-
+ able or by creating a new one.
The name_value argument points to a string of the form name=value. A
@@ -72,14 +72,17 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
dlopen(3C), libpam(3LIB), pam(3PAM), pam_getenv(3PAM), pam_geten-
vlist(3PAM), attributes(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_putenv() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 1 Mar 2004 pam_putenv(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_putenv(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_set_data.3pam 11.4.60/man3pam/pam_set_data.3pam
--- 11.4.57/man3pam/pam_set_data.3pam 2023-08-23 17:32:52.794532499 -0700
+++ 11.4.60/man3pam/pam_set_data.3pam 2023-08-23 17:33:21.701103610 -0700
@@ -9,6 +9,7 @@
SYNOPSIS
cc [ flag ... ] file ... -lpam [ library ... ]
#include <security/pam_appl.h>
+ #include <security/pam_modules.h>
int pam_set_data(pam_handle_t *pamh,
const char *module_data_name, void *data,
@@ -59,7 +60,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -70,13 +71,17 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
-SEE ALSO
- libpam(3LIB), pam(3PAM), pam_end(3PAM), attributes(7)
-NOTES
The interfaces in libpam are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
+SEE ALSO
+ libpam(3LIB), pam(3PAM), pam_end(3PAM), attributes(7)
+
+HISTORY
+ The pam_set_data() and pam_get_data() functions were introduced in
+ Solaris 2.6.
+
-Oracle Solaris 11.4 16 Jun 2011 pam_set_data(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_set_data(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_set_item.3pam 11.4.60/man3pam/pam_set_item.3pam
--- 11.4.57/man3pam/pam_set_item.3pam 2023-08-23 17:32:52.825049127 -0700
+++ 11.4.60/man3pam/pam_set_item.3pam 2023-08-23 17:33:21.736091716 -0700
@@ -42,11 +42,11 @@
PAM_RESOURCE A semicolon-separated list of key=value pairs that
- represent the set of resource controls for applica-
- tion by pam_setcred(3PAM) or pam_open_session(3PAM).
- See the individual service module definitions, such
- as pam_unix_cred(7), for interpretations of the keys
- and values.
+ represent the set of resource controls to be set for
+ the application by pam_setcred(3PAM) or
+ pam_open_session(3PAM). See the individual service
+ module definitions, such as pam_unix_cred(7), for
+ interpretations of the keys and values.
PAM_RHOST The remote host name.
@@ -64,7 +64,7 @@
PAM_USER The user name.
- PAM_USER_PROMPT The default prompt used by pam_get_user().
+ PAM_USER_PROMPT The default prompt used by pam_get_user(3PAM).
PAM_REPOSITORY The repository that contains the authentication
@@ -121,7 +119,7 @@
return values.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -153,6 +151,31 @@
from a source other than pam_authenticate(3PAM). Such sources could be
sshd host-based authentication, kerberized rlogin, and su(8).
+HISTORY
+ The pam_set_item() and pam_get_item() functions were introduced in
+ Solaris 2.6.
+
+
+ Support for the following item types is available in Solaris starting
+ with the listed release:
+
+
+ +-------------------------------------------------+-------------------+
+ | ITEM TYPE | RELEASE |
+ +-------------------------------------------------+-------------------+
+ |PAM_DISPLAY |11.2.0 |
+ +-------------------------------------------------+-------------------+
+ |PAM_AUSER |10 8/08 (Update 6) |
+ +-------------------------------------------------+-------------------+
+ |PAM_RESOURCE |10 3/05 |
+ +-------------------------------------------------+-------------------+
+ |PAM_REPOSITORY |8 10/01 (Update 6) |
+ +-------------------------------------------------+-------------------+
+ |PAM_AUTHTOK, PAM_CONV, PAM_OLDAUTHTOK, |2.6 |
+ |PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, | |
+ |PAM_USER, PAM_USER_PROMPT | |
+ +-------------------------------------------------+-------------------+
+
-Oracle Solaris 11.4 31 Oct 2006 pam_set_item(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_set_item(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_setcred.3pam 11.4.60/man3pam/pam_setcred.3pam
--- 11.4.57/man3pam/pam_setcred.3pam 2023-08-23 17:32:52.855550045 -0700
+++ 11.4.60/man3pam/pam_setcred.3pam 2023-08-23 17:33:21.765444178 -0700
@@ -21,10 +19,10 @@
cate(3PAM) and pam_acct_mgmt(3PAM).
- The user is specified by a prior call to pam_start() or pam_set_item(),
- and is referenced by the authentication handle, pamh. The following
- flags may be set in the flags field. Note that the first four flags are
- mutually exclusive:
+ The user is specified by a prior call to pam_start(3PAM) or
+ pam_set_item(3PAM), and is referenced by the authentication handle,
+ pamh. The following flags may be set in the flags field. Note that the
+ first four flags are mutually exclusive:
PAM_ESTABLISH_CRED Set user credentials for an authentication
service.
@@ -66,7 +64,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -77,14 +75,17 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM), pam_authenticate(3PAM),
pam_set_item(3PAM), pam_start(3PAM), attributes(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_setcred() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 10 Jan 2008 pam_setcred(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_setcred(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_sm_acct_mgmt.3pam 11.4.60/man3pam/pam_sm_acct_mgmt.3pam
--- 11.4.57/man3pam/pam_sm_acct_mgmt.3pam 2023-08-23 17:32:52.888158290 -0700
+++ 11.4.60/man3pam/pam_sm_acct_mgmt.3pam 2023-08-23 17:33:21.796663268 -0700
@@ -41,9 +41,9 @@
- The user in question is specified by a prior call to pam_start(), and
- is referenced by the authentication handle, pamh, which is passed as
- the first argument to pam_sm_acct_mgmt(). The following flags may be
+ The user in question is specified by a prior call to pam_start(3PAM),
+ and is referenced by the authentication handle, pamh, which is passed
+ as the first argument to pam_sm_acct_mgmt(). The following flags may be
set in the flags field:
PAM_SILENT The account management service should not
@@ -72,8 +72,9 @@
If an account management module determines that the user password has
aged or expired, it should save this information as state in the
- authentication handle, pamh, using pam_set_data(). pam_chauthok() uses
- this information to determine which passwords have expired.
+ authentication handle, pamh, using pam_set_data(3PAM). pam_chauth-
+ tok(3PAM) uses this information to determine which passwords have
+ expired.
RETURN VALUES
If there are no restrictions to logging in, PAM_SUCCESS is returned.
@@ -98,7 +99,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -109,21 +110,28 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
-SEE ALSO
- syslog(3C), libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM),
- pam_set_data(3PAM), pam_start(3PAM), nologin(5), pam.conf(5),
- attributes(7)
-NOTES
The interfaces in libpam are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
+SEE ALSO
+ syslog(3C), libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM), pam_chauth-
+ tok(3PAM), pam_set_data(3PAM), pam_sm(3PAM), pam_start(3PAM), nolo-
+ gin(5), pam.conf(5), attributes(7)
+NOTES
If the PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any informa-
tion, and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not
set, a service module performs its default action.
+HISTORY
+ Support for checking for /etc/nologin in pam_sm_acct_mgmt() and the
+ PAM_LOGINS_DISABLED return value was added in Solaris 11.2.0.
+
+
+ The pam_sm_acct_mgmt() API was introduced in Solaris 2.6.
+
-Oracle Solaris 11.4 3 Nov 2021 pam_sm_acct_mgmt(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_sm_acct_mgmt(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_sm_authenticate.3pam 11.4.60/man3pam/pam_sm_authenticate.3pam
--- 11.4.57/man3pam/pam_sm_authenticate.3pam 2023-08-23 17:32:52.920631866 -0700
+++ 11.4.60/man3pam/pam_sm_authenticate.3pam 2023-08-23 17:33:21.828808717 -0700
@@ -26,8 +26,8 @@
the current user. The user is usually required to enter a password or
similar authentication token depending upon the authentication scheme
configured within the system. The user in question is specified by a
- prior call to pam_start(), and is referenced by the authentication han-
- dle pamh.
+ prior call to pam_start(3PAM), and is referenced by the authentication
+ handle pamh.
If the user is unknown to the authentication service, the service mod-
@@ -35,7 +35,7 @@
word. It should then return the error, PAM_USER_UNKNOWN.
- The following flag may be passed in to pam_sm_authenticate():
+ The following flags may be passed in to pam_sm_authenticate():
PAM_SILENT The authentication service should not gen-
erate any messages.
@@ -57,16 +57,16 @@
ignore the option.
- Before returning, pam_sm_authenticate() should call pam_get_item() and
- retrieve PAM_AUTHTOK. If it has not been set before and the value is
- NULL, pam_sm_authenticate() should set it to the password entered by
- the user using pam_set_item().
+ Before returning, pam_sm_authenticate() should call pam_get_item(3PAM)
+ and retrieve PAM_AUTHTOK. If it has not been set before and the value
+ is NULL, pam_sm_authenticate() should set it to the password entered by
+ the user using pam_set_item(3PAM).
An authentication module may save the authentication status (success or
reason for failure) as state in the authentication handle using
pam_set_data(3PAM). This information is intended for use by pam_set-
- cred().
+ cred(3PAM).
RETURN VALUES
Upon successful completion, PAM_SUCCESS must be returned. In addition,
@@ -93,11 +93,11 @@
PAM_IGNORE Ignore underlying authentication module
regardless of whether the control flag is
- required,optional, or sufficient1.
+ required, optional, or sufficient.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -108,10 +108,14 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_get_item(3PAM),
pam_set_data(3PAM), pam_set_item(3PAM), pam_setcred(3PAM),
- pam_start(3PAM), pam.conf(5), attributes(7)
+ pam_sm(3PAM), pam_start(3PAM), pam.conf(5), attributes(7)
NOTES
Modules should not retry the authentication in the event of a failure.
@@ -120,15 +124,14 @@
TRIES error.
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
-
-
If the PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any informa-
tion, and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not
set, a service module performs its default action.
+HISTORY
+ The pam_sm_authenticate() API was introduced in Solaris 2.6.
+
-Oracle Solaris 11.4 22 May 2012 pam_sm_authenticate(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_sm_authenticate(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_sm_chauthtok.3pam 11.4.60/man3pam/pam_sm_chauthtok.3pam
--- 11.4.57/man3pam/pam_sm_chauthtok.3pam 2023-08-23 17:32:52.951396081 -0700
+++ 11.4.60/man3pam/pam_sm_chauthtok.3pam 2023-08-23 17:33:21.861431435 -0700
@@ -14,7 +14,7 @@
const char **argv);
DESCRIPTION
- In response to a call to pam_chauthtok() the PAM framework calls
+ In response to a call to pam_chauthtok(3PAM) the PAM framework calls
pam_sm_chauthtok() from the modules listed in the pam.conf(5) file or
the relevant /etc/pam.d/service file. The password management provider
supplies the back-end functionality for this interface function.
@@ -25,7 +25,7 @@
pamh.
- The following flag may be passed to pam_chauthtok():
+ The following flags may be passed to pam_chauthtok():
PAM_SILENT The password service should not generate
any messages.
@@ -42,17 +42,17 @@
be updated.
+ PAM_UPDATE_AUTHTOK The password service should update pass-
+ words.
+
+
PAM_NO_AUTHTOK_CHECK The password service should not perform
conformance checks on the structure of
the password. Conformance checks do not
- apply to verification that the same pass-
+ include verification that the same pass-
word was entered during both passes.
- PAM_UPDATE_AUTHTOK The password service should update pass-
- words.
-
-
Note that PAM_PRELIM_CHECK and PAM_UPDATE_AUTHTOK cannot be set at the
same time.
@@ -79,7 +79,7 @@
ments.
- Before returning, pam_sm_chauthtok() should call pam_get_item() and
+ Before returning, pam_sm_chauthtok() should call pam_get_item(3PAM) and
retrieve both PAM_AUTHTOK and PAM_OLDAUTHTOK. If both are NULL,
pam_sm_chauthtok() should set them to the new and old passwords as
entered by the user.
@@ -112,7 +112,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -123,24 +123,28 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_chauthtok(3PAM), pam_get_data(3PAM),
- pam_get_item(3PAM), pam_set_data(3PAM), pam.conf(5), attributes(7),
- ping(8)
+ pam_get_item(3PAM), pam_set_data(3PAM), pam_sm(3PAM), pam.conf(5),
+ attributes(7), ping(8)
NOTES
The PAM framework invokes the password services twice. The first time
- the modules are invoked with the flag, PAM_PRELIM_CHECK. During this
+ the modules are invoked with the flag PAM_PRELIM_CHECK. During this
stage, the password modules should only perform preliminary checks. For
example, they may ping remote name services to see if they are ready
for updates. If a password module detects a transient error such as a
remote name service temporarily down, it should return PAM_TRY_AGAIN to
the PAM framework, which will immediately return the error back to the
application. If all password modules pass the preliminary check, the
- PAM framework invokes the password services again with the flag,
+ PAM framework invokes the password services again with the flag
PAM_UPDATE_AUTHTOK. During this stage, each password module should pro-
ceed to update the appropriate password. Any error will again be
- reported back to application.
+ reported back to the application.
If a service module receives the flag PAM_CHANGE_EXPIRED_AUTHTOK, it
@@ -152,14 +156,10 @@
If a user's password has aged or expired, a PAM account module could
save this information as state in the authentication handle, pamh,
- using pam_set_data(). The related password management module could
- retrieve this information using pam_get_data() to determine whether or
- not it should prompt the user to update the password for this particu-
- lar module.
-
-
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+ using pam_set_data(3PAM). The related password management module could
+ retrieve this information using pam_get_data(3PAM) to determine whether
+ or not it should prompt the user to update the password for this par-
+ ticular module.
If the PAM_REPOSITORY item_type is set and a service module does not
@@ -167,6 +167,13 @@
tion, and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not
set, a service module performs its default action.
+HISTORY
+ The PAM_NO_AUTHTOK_CHECK flag was added in the Oracle Solaris 11.0.0
+ release.
+
+
+ The pam_sm_chauthtok() API was introduced in Solaris 2.6.
+
-Oracle Solaris 11.4 22 May 2012 pam_sm_chauthtok(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_sm_chauthtok(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_sm_close_session.3pam 11.4.60/man3pam/pam_sm_close_session.3pam
--- 11.4.57/man3pam/pam_sm_close_session.3pam 2023-08-23 17:32:52.982620856 -0700
+++ 11.4.60/man3pam/pam_sm_close_session.3pam 2023-08-23 17:33:21.893321927 -0700
@@ -52,12 +52,12 @@
PAM_IGNORE Ignore underlying session module regardless of
- whether the control flag is required, optional or
+ whether the control flag is required, optional, or
sufficient.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -68,14 +68,18 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
-SEE ALSO
- syslog(3C), libpam(3LIB), pam(3PAM), pam_open_session(3PAM),
- pam.conf(5), attributes(7)
-NOTES
The interfaces in libpam are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
+SEE ALSO
+ syslog(3C), libpam(3LIB), pam(3PAM), pam_open_session(3PAM),
+ pam_sm(3PAM), pam.conf(5), attributes(7)
+
+HISTORY
+ The pam_sm_open_session() and pam_sm_close_session() APIs were intro-
+ duced in Solaris 2.6.
+
-Oracle Solaris 11.4 22 May 2012 pam_sm_open_session(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_sm_open_session(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_sm_open_session.3pam 11.4.60/man3pam/pam_sm_open_session.3pam
--- 11.4.57/man3pam/pam_sm_open_session.3pam 2023-08-23 17:32:53.016177799 -0700
+++ 11.4.60/man3pam/pam_sm_open_session.3pam 2023-08-23 17:33:21.923927511 -0700
@@ -52,12 +52,12 @@
PAM_IGNORE Ignore underlying session module regardless of
- whether the control flag is required, optional or
+ whether the control flag is required, optional, or
sufficient.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -68,14 +68,18 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
-SEE ALSO
- syslog(3C), libpam(3LIB), pam(3PAM), pam_open_session(3PAM),
- pam.conf(5), attributes(7)
-NOTES
The interfaces in libpam are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
+SEE ALSO
+ syslog(3C), libpam(3LIB), pam(3PAM), pam_open_session(3PAM),
+ pam_sm(3PAM), pam.conf(5), attributes(7)
+
+HISTORY
+ The pam_sm_open_session() and pam_sm_close_session() APIs were intro-
+ duced in Solaris 2.6.
+
-Oracle Solaris 11.4 22 May 2012 pam_sm_open_session(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_sm_open_session(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_sm_setcred.3pam 11.4.60/man3pam/pam_sm_setcred.3pam
--- 11.4.57/man3pam/pam_sm_setcred.3pam 2023-08-23 17:32:53.046245240 -0700
+++ 11.4.60/man3pam/pam_sm_setcred.3pam 2023-08-23 17:33:21.956596559 -0700
@@ -88,7 +88,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -99,25 +99,28 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
- libpam(3LIB), pam(3PAM), pam_authenticate(3PAM) pam_get_data(3PAM),
- pam_setcred(3PAM), pam_sm_authenticate(3PAM), pam.conf(5),
- attributes(7)
+ libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_get_data(3PAM),
+ pam_setcred(3PAM), pam_sm(3PAM), pam_sm_authenticate(3PAM),
+ pam.conf(5), attributes(7)
NOTES
The pam_sm_setcred() function is passed the same module options that
are used by pam_sm_authenticate().
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
-
-
If the PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any informa-
tion, and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not
set, a service module performs its default action.
+HISTORY
+ The pam_sm_setcred() API was introduced in Solaris 2.6.
+
-Oracle Solaris 11.4 22 May 2012 pam_sm_setcred(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_sm_setcred(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_sm.3pam 11.4.60/man3pam/pam_sm.3pam
--- 11.4.57/man3pam/pam_sm.3pam 2023-08-23 17:32:53.084647021 -0700
+++ 11.4.60/man3pam/pam_sm.3pam 2023-08-23 17:33:21.990684942 -0700
@@ -11,16 +11,17 @@
cc [ flag ...] file ... -lpam [ library ...]
DESCRIPTION
- PAM gives system administrators the flexibility of choosing any authen-
- tication service available on the system to perform authentication. The
- framework also allows new authentication service modules to be plugged
- in and made available without modifying the applications.
+ The Pluggable Authentication Module (PAM) framework gives system admin-
+ istrators the flexibility of choosing any authentication service avail-
+ able on the system to perform authentication. The framework also allows
+ new authentication service modules to be plugged in and made available
+ without modifying the applications.
- The PAM framework, libpam, consists of an interface library and multi-
- ple authentication service modules. The PAM interface library is the
- layer that implements the Application Programming Interface ( API ).
- The authentication service modules are a set of dynamically loadable
+ PAM consists of an interface library, libpam(3LIB), and multiple
+ authentication service modules. The PAM interface library is the layer
+ that implements the Application Programming Interface (API). The
+ authentication service modules are a set of dynamically loadable
objects invoked by the PAM API to provide a particular type of user
authentication.
@@ -65,19 +66,19 @@
Stateful Interface
A sequence of calls sharing a common set of state information is
referred to as an authentication transaction. An authentication trans-
- action begins with a call to pam_start(). pam_start() allocates space,
- performs various initialization activities, and assigns an authentica-
- tion handle to be used for subsequent calls to the library. Note that
- the service modules do not get called or initialized when pam_start()
- is called. The modules are loaded and the symbols resolved upon first
- use of that function.
+ action begins with a call to pam_start(3PAM). pam_start() allocates
+ space, performs various initialization activities, and assigns an
+ authentication handle to be used for subsequent calls to the library.
+ Note that the service modules do not get called or initialized when
+ pam_start() is called. The modules are loaded and the symbols resolved
+ upon first use of that function.
The PAM handle keeps certain information about the transaction that can
- be accessed through the pam_get_item() API. Though the modules can
- also use pam_set_item() to change any of the item information, it is
- recommended that nothing be changed except PAM_AUTHTOK and PAM_OLDAUTH-
- TOK.
+ be accessed through the pam_get_item(3PAM) API. Though the modules can
+ also use pam_set_item(3PAM) to change any of the item information, it
+ is recommended that nothing be changed except PAM_AUTHTOK and
+ PAM_OLDAUTHTOK.
If the modules want to store any module specific state information then
@@ -132,13 +133,13 @@
By convention, the modules should be located in the /usr/lib/security
- directory. Additional modules may be located in /opt/<pkg>/lib. Archi-
- tecture specific libraries (for example, sparcv9 or amd64) are located
- in their respective subdirectories.
+ directory, with 32-bit modules in the top-level directory, and 64-bit
+ modules in a subdirectory named for their architecture (for example,
+ sparcv9 or amd64). Additional modules may be located in /opt/<pkg>/lib.
For every such module, there should be a corresponding manual page in
- section 5 which should describe the module_type it supports, the func-
+ section 7 which should describe the module_type it supports, the func-
tionality of the module, along with the options it supports. The depen-
dencies should be clearly identified to the system administrator. For
example, it should be made clear whether this module is a standalone
@@ -180,7 +181,7 @@
contribute to the decision being made by the PAM framework.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -191,6 +192,10 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
syslog(3C), pam_setcred(3PAM), pam(3PAM), pam_authenticate(3PAM),
pam_chauthtok(3PAM), pam_get_user(3PAM), pam_open_session(3PAM),
@@ -201,10 +206,13 @@
pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
pam_unix_session(7)
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The PAM framework was introduced in the Solaris 2.3 release as a Pri-
+ vate API. It was revamped and released as a Public API in Solaris 2.6.
+
+
+ See the man pages for each function or module for its history.
-Oracle Solaris 11.4 11 May 2021 pam_sm(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_sm(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_start.3pam 11.4.60/man3pam/pam_start.3pam
--- 11.4.57/man3pam/pam_start.3pam 2023-08-23 17:32:53.115563367 -0700
+++ 11.4.60/man3pam/pam_start.3pam 2023-08-23 17:33:22.023662078 -0700
@@ -125,7 +125,7 @@
Refer to the RETURN VALUES section on pam(3PAM).
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -136,6 +136,10 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM), pam_authenticate(3PAM),
pam_chauthtok(3PAM), pam_open_session(3PAM), pam_set_data(3PAM),
@@ -144,10 +148,9 @@
Developer's Guide to Oracle Solaris 11.4 Security
-NOTES
- The interfaces in libpam are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_start() function was introduced in Solaris 2.6.
-Oracle Solaris 11.4 16 Jun 2011 pam_start(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_start(3PAM)
diff -NurbBw 11.4.57/man3pam/pam_strerror.3pam 11.4.60/man3pam/pam_strerror.3pam
--- 11.4.57/man3pam/pam_strerror.3pam 2023-08-23 17:32:53.147203191 -0700
+++ 11.4.60/man3pam/pam_strerror.3pam 2023-08-23 17:33:22.056513824 -0700
@@ -26,7 +26,7 @@
errnum is out-of-range.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -37,13 +37,16 @@
|MT-Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
-SEE ALSO
- pam(3PAM), pam_start(3PAM), attributes(7)
-NOTES
The interfaces in libpam are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
+SEE ALSO
+ pam(3PAM), pam_start(3PAM), attributes(7)
+
+HISTORY
+ The pam_strerror() function was introduced in Solaris 2.6.
+
-Oracle Solaris 11.4 9 Jul 2003 pam_strerror(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam_strerror(3PAM)
diff -NurbBw 11.4.57/man3pam/pam.3pam 11.4.60/man3pam/pam.3pam
--- 11.4.57/man3pam/pam.3pam 2023-08-23 17:32:53.182022869 -0700
+++ 11.4.60/man3pam/pam.3pam 2023-08-23 17:33:22.089895397 -0700
@@ -3,23 +3,29 @@
NAME
- pam - PAM (Pluggable Authentication Module)
+ pam - PAM (Pluggable Authentication Module) framework
SYNOPSIS
#include <security/pam_appl.h>
cc [ flag... ] file ... -lpam [ library ... ]
DESCRIPTION
- The PAM framework, libpam, consists of an interface library and multi-
- ple authentication service modules. The PAM interface library is the
- layer implementing the Application Programming Interface ( API ). The
- authentication service modules are a set of dynamically loadable
- objects invoked by the PAM API to provide a particular type of user
- authentication. PAM gives system administrators the flexibility of
- choosing any authentication service available on the system to perform
- authentication. This framework also allows new authentication service
- modules to be plugged in and made available without modifying the
- applications.
+ The Pluggable Authentication Module (PAM) framework consists of an
+ interface library, libpam(3LIB), and multiple authentication service
+ modules. The PAM interface library is the layer implementing the Appli-
+ cation Programming Interface (API). The authentication service modules
+ are a set of dynamically loadable objects invoked by the PAM API to
+ provide a particular type of user authentication. PAM gives system
+ administrators the flexibility of choosing any authentication service
+ available on the system to perform authentication. This framework also
+ allows new authentication service modules to be plugged in and made
+ available without modifying the applications.
+
+
+ This manual page gives an overview of the PAM APIs for applications to
+ call. The pam_sm(3PAM) manual page gives an overview of the PAM APIs
+ used by the framework to call the service modules, also called the Ser-
+ vice Provider Interface (PAM-SPI).
Refer to Chapter 3, Writing PAM Applications and Services in Devel-
@@ -27,6 +33,11 @@
viding authentication, account management, session management, and
password management through PAM modules.
+
+ Refer to Chapter 1, Using Pluggable Authentication Modules in Managing
+ Authentication in Oracle Solaris 11.4 for information about configuring
+ the PAM modules to be used by applications.
+
Interface Overview
The PAM library interface consists of six categories of functions, the
names for which all start with the prefix pam_.
@@ -177,7 +188,7 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
@@ -186,19 +197,29 @@
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
+
+ The interfaces in libpam are MT-Safe only if each thread within the
+ multithreaded application uses its own PAM handle.
+
SEE ALSO
- login(1), pam_authenticate(3PAM), pam_chauthtok(3PAM), pam_eval(3PAM),
- pam_open_session(3PAM), pam_set_item(3PAM), pam_setcred(3PAM),
- pam_sm(3PAM), pam_start(3PAM), pam_strerror(3PAM), pam.conf(5),
- attributes(7)
+ login(1), libpam(3LIB), pam_authenticate(3PAM), pam_chauthtok(3PAM),
+ pam_eval(3PAM), pam_open_session(3PAM), pam_set_item(3PAM), pam_set-
+ cred(3PAM), pam_sm(3PAM), pam_start(3PAM), pam_strerror(3PAM),
+ pam.conf(5), attributes(7)
Developer's Guide to Oracle Solaris 11.4 Security
-NOTES
- The interfaces in libpam() are MT-Safe only if each thread within the
- multithreaded application uses its own PAM handle.
+
+ Managing Authentication in Oracle Solaris 11.4
+
+HISTORY
+ The PAM framework was introduced in the Solaris 2.3 release as a Pri-
+ vate API. It was revamped and released as a Public API in Solaris 2.6.
+
+
+ See the man pages for each function or module for its history.
-Oracle Solaris 11.4 22 May 2012 pam(3PAM)
+Oracle Solaris 11.4 15 Mar 2023 pam(3PAM)
diff -NurbBw 11.4.57/man4d/audio810.4d 11.4.60/man4d/audio810.4d
--- 11.4.57/man4d/audio810.4d 2023-08-23 17:32:53.211967480 -0700
+++ 11.4.60/man4d/audio810.4d 2023-08-23 17:33:22.120760572 -0700
@@ -24,7 +24,7 @@
+--------------------+---------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+---------------------------------------+
- |Architecture | PC-based systems |
+ |Architecture | x86 |
+--------------------+---------------------------------------+
|Availability | driver/audio/audio810 |
+--------------------+---------------------------------------+
@@ -50,4 +50,4 @@
-Oracle Solaris 11.4 07 Nov 2016 audio810(4D)
+Oracle Solaris 11.4 14 Jun 2023 audio810(4D)
diff -NurbBw 11.4.57/man4d/audiocmi.4d 11.4.60/man4d/audiocmi.4d
--- 11.4.57/man4d/audiocmi.4d 2023-08-23 17:32:53.245087756 -0700
+++ 11.4.60/man4d/audiocmi.4d 2023-08-23 17:33:22.149408949 -0700
@@ -33,7 +33,7 @@
+--------------------+--------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+--------------------------------------+
- |Architecture |PC-based system |
+ |Architecture |x86 |
+--------------------+--------------------------------------+
|Availability |driver/audio/audiocmi |
+--------------------+--------------------------------------+
@@ -43,4 +43,4 @@
-Oracle Solaris 11.4 4 Jan 2012 audiocmi(4D)
+Oracle Solaris 11.4 14 Jun 2023 audiocmi(4D)
diff -NurbBw 11.4.57/man4d/audiohd.4d 11.4.60/man4d/audiohd.4d
--- 11.4.57/man4d/audiohd.4d 2023-08-23 17:32:53.276016342 -0700
+++ 11.4.60/man4d/audiohd.4d 2023-08-23 17:33:22.179389360 -0700
@@ -24,7 +24,7 @@
+--------------------+---------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+---------------------------------------+
- |Architecture | PC-based system |
+ |Architecture | x86 |
+--------------------+---------------------------------------+
|Availability | driver/audio/audiohd |
+--------------------+---------------------------------------+
@@ -42,4 +42,4 @@
-Oracle Solaris 11.4 4 Jan 2012 audiohd(4D)
+Oracle Solaris 11.4 14 Jun 2023 audiohd(4D)
diff -NurbBw 11.4.57/man4d/audioixp.4d 11.4.60/man4d/audioixp.4d
--- 11.4.57/man4d/audioixp.4d 2023-08-23 17:32:53.308684705 -0700
+++ 11.4.60/man4d/audioixp.4d 2023-08-23 17:33:22.210649142 -0700
@@ -27,7 +27,7 @@
+--------------------+---------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+---------------------------------------+
- |Architecture | PC-based system |
+ |Architecture | x86 |
+--------------------+---------------------------------------+
|Availability | driver/audio/audioixp |
+--------------------+---------------------------------------+
@@ -42,4 +42,4 @@
-Oracle Solaris 11.4 4 Jan 2012 audioixp(4D)
+Oracle Solaris 11.4 14 Jun 2023 audioixp(4D)
diff -NurbBw 11.4.57/man4d/audiols.4d 11.4.60/man4d/audiols.4d
--- 11.4.57/man4d/audiols.4d 2023-08-23 17:32:53.338935246 -0700
+++ 11.4.60/man4d/audiols.4d 2023-08-23 17:33:22.242617760 -0700
@@ -17,7 +17,9 @@
This device is capable of 5.1 surround sound.
FILES
- /kernel/drv/amd64/audiols 64-bit kernel driver module
+ /kernel/drv/amd64/audiols, /kernel/drv/sparcv9/audiols
+
+ 64-bit kernel driver module
ATTRIBUTES
@@ -27,7 +29,7 @@
+--------------------+--------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+--------------------------------------+
- |Architecture |x86 |
+ |Architecture |SPARC, x86 |
+--------------------+--------------------------------------+
|Availability |driver/audio/audiols |
+--------------------+--------------------------------------+
@@ -37,4 +39,4 @@
-Oracle Solaris 11.4 4 Jan 2012 audiols(4D)
+Oracle Solaris 11.4 14 Jun 2023 audiols(4D)
diff -NurbBw 11.4.57/man4d/audiots.4d 11.4.60/man4d/audiots.4d
--- 11.4.57/man4d/audiots.4d 2023-08-23 17:32:53.368344730 -0700
+++ 11.4.60/man4d/audiots.4d 2023-08-23 17:33:22.273620106 -0700
@@ -14,7 +14,7 @@
phone, line out, line in, and microphone.
FILES
- /kernel/drv/sparcv9/audiots
+ /kernel/drv/amd64/audiots, /kernel/drv/sparcv9/audiots
64-bit audiots driver
@@ -31,7 +31,7 @@
+--------------------+---------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+---------------------------------------+
- |Architecture | SPARC |
+ |Architecture | SPARC, x86 |
+--------------------+---------------------------------------+
|Availability | system/io/audio |
+--------------------+---------------------------------------+
@@ -47,4 +47,4 @@
-Oracle Solaris 11.4 16 Aug 2011 audiots(4D)
+Oracle Solaris 11.4 14 Jun 2023 audiots(4D)
diff -NurbBw 11.4.57/man4d/bnx.4d 11.4.60/man4d/bnx.4d
--- 11.4.57/man4d/bnx.4d 2023-08-23 17:32:53.412210698 -0700
+++ 11.4.60/man4d/bnx.4d 2023-08-23 17:33:22.310614081 -0700
@@ -268,6 +268,9 @@
/kernel/drv/amd64/bnx 64-bit ELF Kernel module (x86)
+ /kernel/drv/sparcv9/bnx 64-bit ELF Kernel module (SPARC)
+
+
/kernel/drv/bnx.conf Driver configuration file
@@ -280,7 +283,7 @@
+-----------------------------+-----------------------------+
|Availability |driver/network/ethernet/bnx |
+-----------------------------+-----------------------------+
- |Architecture |x86 |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
|Interface Stability |See below. |
+-----------------------------+-----------------------------+
@@ -300,4 +303,4 @@
- Oracle Solaris 11.4 22 Dec 2017 bnx(4D)
+ Oracle Solaris 11.4 14 Jun 2023 bnx(4D)
diff -NurbBw 11.4.57/man4d/bnxe.4d 11.4.60/man4d/bnxe.4d
--- 11.4.57/man4d/bnxe.4d 2023-08-23 17:32:53.444214598 -0700
+++ 11.4.60/man4d/bnxe.4d 2023-08-23 17:33:22.340480385 -0700
@@ -129,7 +125,7 @@
+-----------------------------+-----------------------------+
|Availability |driver/network/ethernet/bnxe |
+-----------------------------+-----------------------------+
- |Architecture |x86 |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -150,4 +146,4 @@
- Oracle Solaris 11.4 11 May 2021 bnxe(4D)
+ Oracle Solaris 11.4 14 Jun 2023 bnxe(4D)
diff -NurbBw 11.4.57/man4d/cpqary3.4d 11.4.60/man4d/cpqary3.4d
--- 11.4.57/man4d/cpqary3.4d 2023-08-23 17:32:53.475856737 -0700
+++ 11.4.60/man4d/cpqary3.4d 2023-08-23 17:33:22.372189451 -0700
@@ -104,6 +104,18 @@
/dev/rmt Special file names for SCSI tape devices
+ATTRIBUTES
+ See attributes(7) for descriptions of the following attributes:
+
+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |x86 |
+ +-----------------------------+-----------------------------+
+ |Availability |driver/storage/cpqary3 |
+ +-----------------------------+-----------------------------+
+
SEE ALSO
sd(4D), st(4D), driver.conf(5)
@@ -124,4 +136,4 @@
-Oracle Solaris 11.4 13 Nov 2020 cpqary3(4D)
+Oracle Solaris 11.4 14 Jun 2023 cpqary3(4D)
diff -NurbBw 11.4.57/man4d/ehci.4d 11.4.60/man4d/ehci.4d
--- 11.4.57/man4d/ehci.4d 2023-08-23 17:32:53.508298660 -0700
+++ 11.4.60/man4d/ehci.4d 2023-08-23 17:33:22.403996486 -0700
@@ -47,13 +47,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
hubd(4D), ohci(4D), uhci(4D), usba(4D), attributes(7), add_drv(8), prt-
@@ -202,9 +200,9 @@
....
- A more specific alias is 'pci1106,3104.' Perform the follow-
- ing step to add this alias, then reboot the system:
+ A more specific alias is 'pci1106,3104'. Perform the following step to
+ add this alias, then reboot the system:
# update_drv -a -i '"pci1106,3104"' ehci
@@ -220,4 +218,4 @@
-Oracle Solaris 11.4 20 Jul 2020 ehci(4D)
+Oracle Solaris 11.4 14 Jun 2023 ehci(4D)
diff -NurbBw 11.4.57/man4d/fcip.4d 11.4.60/man4d/fcip.4d
--- 11.4.57/man4d/fcip.4d 2023-08-23 17:32:53.541254231 -0700
+++ 11.4.60/man4d/fcip.4d 2023-08-23 17:33:22.437451321 -0700
@@ -131,7 +131,7 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |SPARC |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
|Availability |system/io/fc/ip-over-fc |
+-----------------------------+-----------------------------+
@@ -167,4 +167,4 @@
-Oracle Solaris 11.4 5 Jan 2012 fcip(4D)
+Oracle Solaris 11.4 14 Jun 2023 fcip(4D)
diff -NurbBw 11.4.57/man4d/fcp.4d 11.4.60/man4d/fcp.4d
--- 11.4.57/man4d/fcp.4d 2023-08-23 17:32:53.570436792 -0700
+++ 11.4.60/man4d/fcp.4d 2023-08-23 17:33:22.466490456 -0700
@@ -9,8 +9,7 @@
The fcp driver is the upper layer protocol that supports mechanisms for
transporting SCSI commands over Fibre Channel. The fcp driver, which
interfaces with the Sun Fibre Channel transport library fctl(4D), sup-
- ports the standard functions provided by the SCSA
- interface.
+ ports the standard functions provided by the SCSA interface.
FILES
/kernel/drv/amd64/fcp 64-bit ELF kernel driver (x86)
@@ -26,7 +25,7 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |SPARC |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
|Interface Stability |Unknown |
+-----------------------------+-----------------------------+
@@ -54,12 +53,11 @@
SCSI Architecture Model - 4 (SAM-4) Fibre Channel Private Loop SCSI
- Direct Attach
- (FC-PLDA) ANSI X3.270-1996
+ Direct Attach (FC-PLDA) ANSI X3.270-1996
Fabric Loop Attachment (FC-FLA), NCITS TR-20:1998
-Oracle Solaris 11.4 6 Oct 2014 fcp(4D)
+Oracle Solaris 11.4 14 Jun 2023 fcp(4D)
diff -NurbBw 11.4.57/man4d/fjcmi.4d 11.4.60/man4d/fjcmi.4d
--- 11.4.57/man4d/fjcmi.4d 2023-08-23 17:32:53.600520557 -0700
+++ 11.4.60/man4d/fjcmi.4d 2023-08-23 17:33:22.496545609 -0700
@@ -69,6 +68,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
|Availability |system/fjcmi |
@@ -79,4 +80,4 @@
-Oracle Solaris 11.4 10 Mar 2016 fjcmi(4D)
+Oracle Solaris 11.4 14 Jun 2023 fjcmi(4D)
diff -NurbBw 11.4.57/man4d/fjgmu.4d 11.4.60/man4d/fjgmu.4d
--- 11.4.57/man4d/fjgmu.4d 2023-08-23 17:32:53.631956168 -0700
+++ 11.4.60/man4d/fjgmu.4d 2023-08-23 17:33:22.527054689 -0700
@@ -64,6 +63,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
|Availability |system/fjcmi |
@@ -74,4 +75,4 @@
-Oracle Solaris 11.4 10 Mar 2016 fjgmu(4D)
+Oracle Solaris 11.4 14 Jun 2023 fjgmu(4D)
diff -NurbBw 11.4.57/man4d/hid.4d 11.4.60/man4d/hid.4d
--- 11.4.57/man4d/hid.4d 2023-08-23 17:32:53.662879535 -0700
+++ 11.4.60/man4d/hid.4d 2023-08-23 17:33:22.559372457 -0700
@@ -94,13 +94,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
usba(4D), virtualkm(4D), attributes(7), cfgadm_usb(8)
@@ -181,4 +181,4 @@
-Oracle Solaris 11.4 15 Apr 2019 hid(4D)
+Oracle Solaris 11.4 14 Jun 2023 hid(4D)
diff -NurbBw 11.4.57/man4d/hubd.4d 11.4.60/man4d/hubd.4d
--- 11.4.57/man4d/hubd.4d 2023-08-23 17:32:53.695000894 -0700
+++ 11.4.60/man4d/hubd.4d 2023-08-23 17:33:22.593349120 -0700
@@ -39,13 +39,13 @@
See attributes(7) for a description of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
usba(4D), attributes(7), cfgadm_usb(8)
@@ -212,4 +212,4 @@
-Oracle Solaris 11.4 23 Jan 2012 hubd(4D)
+Oracle Solaris 11.4 14 Jun 2023 hubd(4D)
diff -NurbBw 11.4.57/man4d/hwa1480_fw.4d 11.4.60/man4d/hwa1480_fw.4d
--- 11.4.57/man4d/hwa1480_fw.4d 2023-08-23 17:32:53.727222622 -0700
+++ 11.4.60/man4d/hwa1480_fw.4d 2023-08-23 17:33:22.623751363 -0700
@@ -48,13 +48,13 @@
See attributes(7) for a description of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
|ATTRIBUTE TYPE |ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
elfwrap(1), attributes(7), add_drv(8), rem_drv(8), update_drv(8)
@@ -70,4 +70,4 @@
-Oracle Solaris 11.4 14 May 2018 wusb_df(4D)
+Oracle Solaris 11.4 14 Jun 2023 wusb_df(4D)
diff -NurbBw 11.4.57/man4d/intelrd.4d 11.4.60/man4d/intelrd.4d
--- 11.4.57/man4d/intelrd.4d 2023-08-23 17:32:53.760042643 -0700
+++ 11.4.60/man4d/intelrd.4d 2023-08-23 17:33:22.653213302 -0700
@@ -3,10 +3,10 @@
NAME
- intelrd - Intel RDRAND or RDSEED feature entropy generator
+ intelrd - x86 RDRAND or RDSEED feature entropy generator
DESCRIPTION
- The intelrd plugin for the Cryptographic Framework uses the Intel CPU
+ The intelrd plugin for the Cryptographic Framework uses the x86 CPU
RDRAND and/or RDSEED instructions to provide entropy to the kernel ran-
dom pools.
@@ -74,11 +70,11 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |AMD64 |
+ |Architecture |x86 |
+-----------------------------+-----------------------------+
|Availability |system/kernel/crypto |
+-----------------------------+-----------------------------+
-Oracle Solaris 11.4 15 Dec 2015 intelrd(4D)
+Oracle Solaris 11.4 14 Jun 2023 intelrd(4D)
diff -NurbBw 11.4.57/man4d/ixgb.4d 11.4.60/man4d/ixgb.4d
--- 11.4.57/man4d/ixgb.4d 2023-08-23 17:32:53.792074089 -0700
+++ 11.4.60/man4d/ixgb.4d 2023-08-23 17:33:22.684607526 -0700
@@ -112,7 +112,7 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |x86 |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -135,4 +135,4 @@
-Oracle Solaris 11.4 5 Jan 2012 ixgb(4D)
+Oracle Solaris 11.4 14 Jun 2023 ixgb(4D)
diff -NurbBw 11.4.57/man4d/llc1.4d 11.4.60/man4d/llc1.4d
--- 11.4.57/man4d/llc1.4d 2023-08-23 17:32:53.824113897 -0700
+++ 11.4.60/man4d/llc1.4d 2023-08-23 17:33:22.721068239 -0700
@@ -170,7 +170,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |x86 |
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
+ |Availability |system/kernel |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -178,4 +180,4 @@
-Oracle Solaris 11.4 13 Feb 1997 llc1(4D)
+Oracle Solaris 11.4 14 Jun 2023 llc1(4D)
diff -NurbBw 11.4.57/man4d/lsc.4d 11.4.60/man4d/lsc.4d
--- 11.4.57/man4d/lsc.4d 2023-08-23 17:32:53.851790887 -0700
+++ 11.4.60/man4d/lsc.4d 2023-08-23 17:33:22.750138055 -0700
@@ -35,7 +35,7 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |x86, SPARC |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
|Availability |driver/storage/lsc |
+-----------------------------+-----------------------------+
@@ -49,4 +49,4 @@
-Oracle Solaris 11.4 16 Sep 2014 lsc(4D)
+Oracle Solaris 11.4 14 Jun 2023 lsc(4D)
diff -NurbBw 11.4.57/man4d/mega_sas.4d 11.4.60/man4d/mega_sas.4d
--- 11.4.57/man4d/mega_sas.4d 2023-08-23 17:32:53.888198947 -0700
+++ 11.4.60/man4d/mega_sas.4d 2023-08-23 17:33:22.784089454 -0700
@@ -56,7 +56,7 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |x86-based systems |
+ |Architecture |x86 |
+-----------------------------+-----------------------------+
|Availability |driver/storage/mega_sas |
+-----------------------------+-----------------------------+
@@ -73,4 +73,4 @@
-Oracle Solaris 11.4 11 Dec 2020 mega_sas(4D)
+Oracle Solaris 11.4 14 Jun 2023 mega_sas(4D)
diff -NurbBw 11.4.57/man4d/mga.4d 11.4.60/man4d/mga.4d
--- 11.4.57/man4d/mga.4d 2023-08-23 17:32:53.923241409 -0700
+++ 11.4.60/man4d/mga.4d 2023-08-23 17:33:22.813797603 -0700
@@ -29,6 +29,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |driver/graphics/mga |
+-----------------------------+-----------------------------+
@@ -37,4 +39,4 @@
-Oracle Solaris 11.4 2 Apr 2012 mga(4D)
+Oracle Solaris 11.4 14 Jun 2023 mga(4D)
diff -NurbBw 11.4.57/man4d/npe.4d 11.4.60/man4d/npe.4d
--- 11.4.57/man4d/npe.4d 2023-08-23 17:32:53.954204385 -0700
+++ 11.4.60/man4d/npe.4d 2023-08-23 17:33:22.844953004 -0700
@@ -34,7 +34,7 @@
+-----------------------------+------------------------------+
SEE ALSO
- pcie_pci(4D), pcie(5), attributes(7)
+ pcieb(4D), pcie(5), attributes(7)
PCI Express Base Specification v1.0a -- 2003
@@ -47,4 +47,4 @@
-Oracle Solaris 11.4 4 Jan 2012 npe(4D)
+Oracle Solaris 11.4 14 Jun 2023 npe(4D)
diff -NurbBw 11.4.57/man4d/ohci.4d 11.4.60/man4d/ohci.4d
--- 11.4.57/man4d/ohci.4d 2023-08-23 17:32:53.984148370 -0700
+++ 11.4.60/man4d/ohci.4d 2023-08-23 17:33:22.874489335 -0700
@@ -32,13 +32,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+-------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
ehci(4D), hubd(4D), uhci(4D), usba(4D), attributes(7)
@@ -97,4 +97,4 @@
-Oracle Solaris 11.4 6 Jan 2012 ohci(4D)
+Oracle Solaris 11.4 14 Jun 2023 ohci(4D)
diff -NurbBw 11.4.57/man4d/pcie_pci.4d 11.4.60/man4d/pcie_pci.4d
--- 11.4.57/man4d/pcie_pci.4d 2023-08-23 17:32:54.014926712 -0700
+++ 11.4.60/man4d/pcie_pci.4d 1969-12-31 16:00:00.000000000 -0800
@@ -1,50 +0,0 @@
-Device Drivers & /dev files pcie_pci(4D)
-
-
-
-NAME
- pcie_pci - PCI Express bridge nexus driver
-
-DESCRIPTION
- The pcie_pci nexus driver is used on X64 servers for PCI Express bridge
- class devices including PCI Express root ports which are implemented as
- virtual bridges and PCI Express to PCI/PCI-X bridges.
-
-
- The pcie_pci driver is compliant with the PCI Express Base, Revision
- 1.0a specification and supports Base line PCI Express error handling
- and PCI Express Hot Plug.
-
-FILES
- /platform/i86pc/kernel/drv/amd64/pcie_pci
-
- 64-bit ELF kernel module.
-
-
-ATTRIBUTES
- See attributes(7) for descriptions of the following attributes:
-
-
- +-----------------------------+------------------------------+
- | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |x64 PCI Express-based systems |
- +-----------------------------+------------------------------+
- |Availability |system/kernel/platform |
- +-----------------------------+------------------------------+
-
-SEE ALSO
- npe(4D), pcie(5), attributes(7)
-
-
- PCI Express Base Specification v1.0a --2003
-
-
- Writing Device Drivers in Oracle Solaris 11.4
-
-
- IEEE 1275 PCI Bus Binding -- 1998
-
-
-
-Oracle Solaris 11.4 5 Jan 2012 pcie_pci(4D)
diff -NurbBw 11.4.57/man4d/pcieb.4d 11.4.60/man4d/pcieb.4d
--- 11.4.57/man4d/pcieb.4d 1969-12-31 16:00:00.000000000 -0800
+++ 11.4.60/man4d/pcieb.4d 2023-08-23 17:33:22.906335986 -0700
@@ -0,0 +1,56 @@
+Device Drivers & /dev files pcieb(4D)
+
+
+
+NAME
+ pcieb - PCI Express bridge nexus driver
+
+DESCRIPTION
+ The pcieb nexus driver is used for PCI Express bridge class devices
+ including PCI Express root ports which are implemented as virtual
+ bridges and PCI Express to PCI/PCI-X bridges.
+
+
+ The pcieb driver is compliant with the PCI Express Base, Revision 1.0a
+ specification and supports Base line PCI Express error handling and PCI
+ Express Hot Plug.
+
+FILES
+ /kernel/drv/amd64/pcieb 64-bit ELF kernel module (x86).
+
+
+ /kernel/drv/sparcv9/pcieb 64-bit ELF kernel module (SPARC).
+
+
+ATTRIBUTES
+ See attributes(7) for descriptions of the following attributes:
+
+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |PCI Express-based systems |
+ +-----------------------------+-----------------------------+
+ |Availability |system/kernel |
+ +-----------------------------+-----------------------------+
+
+SEE ALSO
+ npe(4D), pcie(5), attributes(7)
+
+
+ PCI Express Base Specification v1.0a --2003
+
+
+ Writing Device Drivers in Oracle Solaris 11.4
+
+
+ IEEE 1275 PCI Bus Binding -- 1998
+
+HISTORY
+ The pcieb driver was introduced in in Solaris 10 9/10 (Update 9) to
+ replace the previous px_pci and pxb_plx drivers on SPARC systems, and
+ the pcie_pci driver on x86 systems.
+
+
+
+Oracle Solaris 11.4 14 Jun 2023 pcieb(4D)
diff -NurbBw 11.4.57/man4d/scsa2usb.4d 11.4.60/man4d/scsa2usb.4d
--- 11.4.57/man4d/scsa2usb.4d 2023-08-23 17:32:54.061958883 -0700
+++ 11.4.60/man4d/scsa2usb.4d 2023-08-23 17:33:22.945869038 -0700
@@ -205,13 +205,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
cdrw(1), eject(1), rmformat(1), rmmount(1), libusb(3LIB), sd(4D),
@@ -318,15 +318,12 @@
product ID 456 are:
-
-
vid=0x123 pid=0x456 reduced-cmd-support=true
or
- vid=* reduced-cmd-support=true
-
+ vid=* reduced-cmd-support=true
...meaning that the override record is applied to this device and
all other USB mass storage devices.
@@ -376,4 +373,4 @@
-Oracle Solaris 11.4 25 Mar 2020 scsa2usb(4D)
+Oracle Solaris 11.4 14 Jun 2023 scsa2usb(4D)
diff -NurbBw 11.4.57/man4d/ses.4d 11.4.60/man4d/ses.4d
--- 11.4.57/man4d/ses.4d 2023-08-23 17:32:54.092596102 -0700
+++ 11.4.60/man4d/ses.4d 2023-08-23 17:33:22.975678329 -0700
@@ -47,8 +47,7 @@
SESIOC_GETENCSTAT Returns an unsigned character that represents sta-
tus enclosure as defined by Table 25 in Section
- 7.1.2 of the SES specification NCITS
- 305-199x.
+ 7.1.2 of the SES specification NCITS 305-199x.
SESIOC_GETOBJSTAT This ioctl is passed an ses_objarg containing the
@@ -74,7 +73,7 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |SPARC |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -82,4 +81,4 @@
-Oracle Solaris 11.4 11 Mar 2016 ses(4D)
+Oracle Solaris 11.4 14 Jun 2023 ses(4D)
diff -NurbBw 11.4.57/man4d/smbios.4d 11.4.60/man4d/smbios.4d
--- 11.4.57/man4d/smbios.4d 2023-08-23 17:32:54.122400283 -0700
+++ 11.4.60/man4d/smbios.4d 2023-08-23 17:33:23.008920854 -0700
@@ -32,6 +32,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/kernel |
+-----------------------------+-----------------------------+
|Interface Stability |Committed |
@@ -55,4 +57,4 @@
-Oracle Solaris 11.4 16 Sep 2014 smbios(4D)
+Oracle Solaris 11.4 14 Jun 2023 smbios(4D)
diff -NurbBw 11.4.57/man4d/srpt.4d 11.4.60/man4d/srpt.4d
--- 11.4.57/man4d/srpt.4d 2023-08-23 17:32:54.154382322 -0700
+++ 11.4.60/man4d/srpt.4d 2023-08-23 17:33:23.040299115 -0700
@@ -37,7 +37,7 @@
+---------------+-------------------------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-------------------------------------------+
- |Architecture | x86 |
+ |Architecture | SPARC, x86 |
+---------------+-------------------------------------------+
|Availability | system/storage/scsi-rdma/scsi-rdma-target |
+---------------+-------------------------------------------+
@@ -46,12 +46,12 @@
ib(4D), ibdma(4D), ibtl(4D), attributes(7), stmfadm(8)
- Configuring Storage Devices With COMSTAR in Managing Devices in Oracle
- Solaris 11.4
+ Chapter 8, Configuring Storage Devices With COMSTAR in Managing Devices
+ in Oracle Solaris 11.4
SCSI RDMA Protocol (SRP) T10 Project 1415-D, Revision
-Oracle Solaris 11.4 5 Jan 2012 srpt(4D)
+Oracle Solaris 11.4 14 Jun 2023 srpt(4D)
diff -NurbBw 11.4.57/man4d/ssd.4d 11.4.60/man4d/ssd.4d
--- 11.4.57/man4d/ssd.4d 2023-08-23 17:32:54.187879379 -0700
+++ 11.4.60/man4d/ssd.4d 2023-08-23 17:33:23.073354224 -0700
@@ -196,6 +196,18 @@
sn partition n (0-7)
+ATTRIBUTES
+ See attributes(7) for a description of the following attributes:
+
+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |driver/storage/ssd |
+ +-----------------------------+-----------------------------+
+
SEE ALSO
sar(1), ioctl(2), lseek(2), open(2), read(2), write(2), cdio(4I),
dkio(4I), driver.conf(5), scsi(5), format(8), iostat(8)
@@ -389,4 +401,4 @@
-Oracle Solaris 11.4 11 May 2021 ssd(4D)
+Oracle Solaris 11.4 14 Jun 2023 ssd(4D)
diff -NurbBw 11.4.57/man4d/tzmon.4d 11.4.60/man4d/tzmon.4d
--- 11.4.57/man4d/tzmon.4d 2023-08-23 17:32:54.216893299 -0700
+++ 11.4.60/man4d/tzmon.4d 2023-08-23 17:33:23.102042182 -0700
@@ -36,7 +36,7 @@
+-----------------------------+-----------------------------+
|Availability |system/kernel |
+-----------------------------+-----------------------------+
- |Architecture |x86/x64 only |
+ |Architecture |x86 |
+-----------------------------+-----------------------------+
|Interface Stability |Private |
+-----------------------------+-----------------------------+
@@ -50,4 +50,4 @@
-Oracle Solaris 11.4 31 Oct 2006 tzmon(4D)
+Oracle Solaris 11.4 14 Jun 2023 tzmon(4D)
diff -NurbBw 11.4.57/man4d/ugen.4d 11.4.60/man4d/ugen.4d
--- 11.4.57/man4d/ugen.4d 2023-08-23 17:32:54.270283247 -0700
+++ 11.4.60/man4d/ugen.4d 2023-08-23 17:33:23.146935028 -0700
@@ -1342,7 +1342,7 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Architecture |PCI-based SPARC |
+ |Architecture |SPARC, x86 |
+-----------------------------+-----------------------------+
|Availability |system/io/usb |
+-----------------------------+-----------------------------+
@@ -1390,4 +1390,4 @@
-Oracle Solaris 11.4 11 May 2021 ugen(4D)
+Oracle Solaris 11.4 14 Jun 2023 ugen(4D)
diff -NurbBw 11.4.57/man4d/uhci.4d 11.4.60/man4d/uhci.4d
--- 11.4.57/man4d/uhci.4d 2023-08-23 17:32:54.300148173 -0700
+++ 11.4.60/man4d/uhci.4d 2023-08-23 17:33:23.177627134 -0700
@@ -29,13 +29,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
|ATTRIBUTE TYPE |ATTRIBUTE VALUE |
- +-----------------------------+-------------------------------+
- |Architecture |SPARC or x86 PCI-based systems |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
ehci(4D), hubd(4D), ohci(4D), usba(4D), attributes(7)
@@ -73,4 +73,4 @@
-Oracle Solaris 11.4 5 Jan 2012 uhci(4D)
+Oracle Solaris 11.4 14 Jun 2023 uhci(4D)
diff -NurbBw 11.4.57/man4d/usb_ac.4d 11.4.60/man4d/usb_ac.4d
--- 11.4.57/man4d/usb_ac.4d 2023-08-23 17:32:54.331432548 -0700
+++ 11.4.60/man4d/usb_ac.4d 2023-08-23 17:33:23.207739067 -0700
@@ -49,7 +49,7 @@
+-----------------------------+--------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+--------------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
+ |Architecture |SPARC, x86 |
+-----------------------------+--------------------------------------+
|Availability |system/io/usb, driver/audio/audio-usb |
+-----------------------------+--------------------------------------+
@@ -86,4 +86,4 @@
-Oracle Solaris 11.4 14 Mar 2016 usb_ac(4D)
+Oracle Solaris 11.4 14 Jun 2023 usb_ac(4D)
diff -NurbBw 11.4.57/man4d/usb_as.4d 11.4.60/man4d/usb_as.4d
--- 11.4.57/man4d/usb_as.4d 2023-08-23 17:32:54.360937027 -0700
+++ 11.4.60/man4d/usb_as.4d 2023-08-23 17:33:23.240725711 -0700
@@ -35,7 +35,7 @@
+-----------------------------+--------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+--------------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
+ |Architecture |SPARC, x86 |
+-----------------------------+--------------------------------------+
|Availability |system/io/usb, driver/audio/audio-usb |
+-----------------------------+--------------------------------------+
@@ -99,4 +99,4 @@
-Oracle Solaris 11.4 5 Jan 2012 usb_as(4D)
+Oracle Solaris 11.4 14 Jun 2023 usb_as(4D)
diff -NurbBw 11.4.57/man4d/usb_ia.4d 11.4.60/man4d/usb_ia.4d
--- 11.4.57/man4d/usb_ia.4d 2023-08-23 17:32:54.393798995 -0700
+++ 11.4.60/man4d/usb_ia.4d 2023-08-23 17:33:23.273074355 -0700
@@ -37,13 +37,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC & x86 PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
ugen(4D), usb_mid(4D), usba(4D), attributes(7)
@@ -74,4 +74,4 @@
-Oracle Solaris 11.4 14 May 2018 usb_ia(4D)
+Oracle Solaris 11.4 14 Jun 2023 usb_ia(4D)
diff -NurbBw 11.4.57/man4d/usb_mid.4d 11.4.60/man4d/usb_mid.4d
--- 11.4.57/man4d/usb_mid.4d 2023-08-23 17:32:54.424815270 -0700
+++ 11.4.60/man4d/usb_mid.4d 2023-08-23 17:33:23.308215081 -0700
@@ -45,13 +45,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+-------------------------------+
- |Architecture |SPARC & x86, PCI-based systems |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
libusb(3LIB), usb_ia(4D), usba(4D), attributes(7), cfgadm_usb(8)
@@ -120,4 +120,4 @@
-Oracle Solaris 11.4 5 Jan 2012 usb_mid(4D)
+Oracle Solaris 11.4 14 Jun 2023 usb_mid(4D)
diff -NurbBw 11.4.57/man4d/usbftdi.4d 11.4.60/man4d/usbftdi.4d
--- 11.4.57/man4d/usbftdi.4d 2023-08-23 17:32:54.457794112 -0700
+++ 11.4.60/man4d/usbftdi.4d 2023-08-23 17:33:23.342227339 -0700
@@ -23,7 +23,7 @@
specified by flags in the c_cflag word of the termios structure, and by
the IGNBRK, IGNPAR, PARMRK, and INPCK flags in the c_iflag word of the
termios structure. All other termio(4I) functions must be performed by
- STREAMS modules pushed atop the driver. When a device is opened, the ,
+ STREAMS modules pushed atop the driver. When a device is opened, the
ldterm(4M) and ttcompat(4M) STREAMS modules are automatically pushed on
top of the stream, providing the standard termio(4I) interface.
@@ -73,7 +73,7 @@
or by setting the value of the property to zero.
- More sophisticated selection of which devicesl ignore or obey the DCD
+ More sophisticated selection of which devices ignore or obey the DCD
signal can be effected using port-%d-ignore-cd properties.
Dial-In and Dial-Out Support
@@ -153,18 +153,18 @@
See attributes(7) for a description of the following attribute:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
|ATTRIBUTE TYPE |ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |driver/serial/usbftdi |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
strconf(1), tip(1), ioctl(2), open(2), termios(3C), usba(4D),
termio(4I), ldterm(4M), ttcompat(4M), attributes(7), autopush(8), eep-
- rom(8), eeprom(8),
+ rom(8)
DIAGNOSTICS
In addition to being logged, the following messages might appear on the
@@ -215,4 +215,4 @@
-Oracle Solaris 11.4 19 Feb 2019 usbftdi(4D)
+Oracle Solaris 11.4 14 Jun 2023 usbftdi(4D)
diff -NurbBw 11.4.57/man4d/usbprn.4d 11.4.60/man4d/usbprn.4d
--- 11.4.57/man4d/usbprn.4d 2023-08-23 17:32:54.491912833 -0700
+++ 11.4.60/man4d/usbprn.4d 2023-08-23 17:33:23.375360611 -0700
@@ -102,7 +102,7 @@
The write_timeout field, which specifies how long the driver takes
to transfer 8192 bytes of data to the device, is set to a default
value of 90 seconds. The write_timeout field must be greater than
- one second and less than 300 seconds (five minutes.)
+ one second and less than 300 seconds (five minutes).
Unlike the ecpp(4D) driver, only the ECPP_CENTRONICS mode is cur-
rently supported in usbprn. Also, the semantics of write_timeout in
@@ -230,13 +230,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
ioctl(2), open(2), read(2), write(2), libusb(3LIB), ecpp(4D), ugen(4D),
@@ -296,7 +296,7 @@
If a printer is hot-removed before a job completes, the job is termi-
- nated and the driver returns EIO. All subsequent opens returns ENODEV.
+ nated and the driver returns EIO. All subsequent opens return ENODEV.
If a printer is hot-removed, an LP reconfiguration might not be needed
if a printer is re-inserted on the same port. If re-inserted on a dif-
ferent port, an LP reconfiguration might be required.
@@ -310,4 +310,4 @@
-Oracle Solaris 11.4 14 May 2018 usbprn(4D)
+Oracle Solaris 11.4 14 Jun 2023 usbprn(4D)
diff -NurbBw 11.4.57/man4d/usbsacm.4d 11.4.60/man4d/usbsacm.4d
--- 11.4.57/man4d/usbsacm.4d 2023-08-23 17:32:54.527152651 -0700
+++ 11.4.60/man4d/usbsacm.4d 2023-08-23 17:33:23.410753387 -0700
@@ -121,13 +121,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture | SPARC, x86 PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |driver/serial/usbsacm |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
strconf(1), tip(1), ioctl(2), open(2), termios(3C), usba(4D),
@@ -182,4 +182,4 @@
-Oracle Solaris 11.4 19 Feb 2019 usbsacm(4D)
+Oracle Solaris 11.4 14 Jun 2023 usbsacm(4D)
diff -NurbBw 11.4.57/man4d/usbser_edge.4d 11.4.60/man4d/usbser_edge.4d
--- 11.4.57/man4d/usbser_edge.4d 2023-08-23 17:32:54.559445682 -0700
+++ 11.4.60/man4d/usbser_edge.4d 2023-08-23 17:33:23.445740384 -0700
@@ -53,8 +53,8 @@
A dial-in line can be opened only if the corresponding dial-out line is
closed. A blocking /dev/term open waits until the /dev/cua line is
closed (which drops Data Terminal Ready, after which Carrier Detect
- usually drops as well) and carrier is detected again. A non-block-
- ing/dev/term open returns an error if the /dev/cua is open.
+ usually drops as well) and carrier is detected again. A non-blocking
+ /dev/term open returns an error if the /dev/cua is open.
If the /dev/term line is opened successfully (usually only when carrier
@@ -127,13 +127,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |driver/serial/usbser_edge |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
strconf(1), tip(1), ioctl(2), open(2), termios(3C), usba(4D),
@@ -187,4 +187,4 @@
-Oracle Solaris 11.4 19 Feb 2019 usbser_edge(4D)
+Oracle Solaris 11.4 14 Jun 2023 usbser_edge(4D)
diff -NurbBw 11.4.57/man4d/usbsksp.4d 11.4.60/man4d/usbsksp.4d
--- 11.4.57/man4d/usbsksp.4d 2023-08-23 17:32:54.603154320 -0700
+++ 11.4.60/man4d/usbsksp.4d 2023-08-23 17:33:23.483272271 -0700
@@ -125,13 +125,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |driver/serial/usbsksp |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
strconf(1), tip(1), ioctl(2), open(2), termios(3C), usba(4D),
@@ -186,4 +186,4 @@
-Oracle Solaris 11.4 19 Feb 2019 usbsksp(4D)
+Oracle Solaris 11.4 14 Jun 2023 usbsksp(4D)
diff -NurbBw 11.4.57/man4d/usbsprl.4d 11.4.60/man4d/usbsprl.4d
--- 11.4.57/man4d/usbsprl.4d 2023-08-23 17:32:54.634824878 -0700
+++ 11.4.60/man4d/usbsprl.4d 2023-08-23 17:33:23.520853701 -0700
@@ -116,13 +116,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |driver/serial/usbsprl |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
strconf(1), tip(1), ioctl(2), open(2), termios(3C), usba(4D),
@@ -179,4 +179,4 @@
-Oracle Solaris 11.4 19 Feb 2019 usbsprl(4D)
+Oracle Solaris 11.4 14 Jun 2023 usbsprl(4D)
diff -NurbBw 11.4.57/man4d/usbvc.4d 11.4.60/man4d/usbvc.4d
--- 11.4.57/man4d/usbvc.4d 2023-08-23 17:32:54.669179968 -0700
+++ 11.4.60/man4d/usbvc.4d 2023-08-23 17:33:23.552233882 -0700
@@ -202,13 +202,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+-------------------------------+
- |Architecture | SPARC, x86, PCI-based systems |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |driver/graphics/usbvc |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
ioctl(2), mmap(2), open(2), read(2), libusb(3LIB), ugen(4D), usba(4D),
@@ -277,4 +277,4 @@
-Oracle Solaris 11.4 14 May 2018 usbvc(4D)
+Oracle Solaris 11.4 14 Jun 2023 usbvc(4D)
diff -NurbBw 11.4.57/man4d/wusb_ca.4d 11.4.60/man4d/wusb_ca.4d
--- 11.4.57/man4d/wusb_ca.4d 2023-08-23 17:32:54.700183927 -0700
+++ 11.4.60/man4d/wusb_ca.4d 2023-08-23 17:33:23.581491575 -0700
@@ -38,13 +38,13 @@
See attributes(7) for a description of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
|ATTRIBUTE TYPE |ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
hwahc(4D), hwarc(4D), usba(4D), attributes(7), wusbadm(8)
@@ -60,4 +60,4 @@
-Oracle Solaris 11.4 5 Jan 2012 wusb_ca(4D)
+Oracle Solaris 11.4 14 Jun 2023 wusb_ca(4D)
diff -NurbBw 11.4.57/man4d/wusb_df.4d 11.4.60/man4d/wusb_df.4d
--- 11.4.57/man4d/wusb_df.4d 2023-08-23 17:32:54.730005545 -0700
+++ 11.4.60/man4d/wusb_df.4d 2023-08-23 17:33:23.611454250 -0700
@@ -48,13 +48,13 @@
See attributes(7) for a description of the following attributes:
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
|ATTRIBUTE TYPE |ATTRIBUTE VALUE |
- +-----------------------------+------------------------------+
- |Architecture |SPARC, x86, PCI-based systems |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
elfwrap(1), attributes(7), add_drv(8), rem_drv(8), update_drv(8)
@@ -70,4 +70,4 @@
-Oracle Solaris 11.4 14 May 2018 wusb_df(4D)
+Oracle Solaris 11.4 14 Jun 2023 wusb_df(4D)
diff -NurbBw 11.4.57/man4d/xhci.4d 11.4.60/man4d/xhci.4d
--- 11.4.57/man4d/xhci.4d 2023-08-23 17:32:54.761844222 -0700
+++ 11.4.60/man4d/xhci.4d 2023-08-23 17:33:23.642885274 -0700
@@ -36,13 +36,13 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+-------------------------------+
- |Architecture |SPARC or x86 PCI-based systems |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC, x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/io/usb |
- +-----------------------------+-------------------------------+
+ +-----------------------------+-----------------------------+
SEE ALSO
ehci(4D), hubd(4D), ohci(4D), usba(4D), attributes(7), add_drv(8), prt-
@@ -113,4 +113,4 @@
-Oracle Solaris 11.4 07 Nov 2016 xhci(4D)
+Oracle Solaris 11.4 14 Jun 2023 xhci(4D)
diff -NurbBw 11.4.57/man5/admin.5 11.4.60/man5/admin.5
--- 11.4.57/man5/admin.5 2023-08-23 17:32:54.795881401 -0700
+++ 11.4.60/man5/admin.5 2023-08-23 17:33:23.678300859 -0700
@@ -234,58 +234,6 @@
- authentication
-
- Controls resolution when a datastream package with signature is to
- be installed. Options are:
-
- nocheck
-
- Do not verify package signature. This also disables the use of
- the Online Certificate Status Protocol (OCSP) to validate the
- package's signing certificate.
-
-
- quit
-
- Abort installation if package signature cannot be verified.
-
-
-
- networktimeout
-
- Number of seconds to wait before giving up a network connection
- when downloading a package. This entry must be a positive integer.
- If not present, the default value of 60 is used.
-
-
- networkretries
-
- Number of times to retry a failed network connection when download-
- ing a package. This entry must be a positive integer. If not
- present, the default value of 5 is used.
-
-
- keystore
-
- Location of trusted certificates used when downloading packages
- over SSL and when verifying signatures on packages. This is the
- base directory of the certificate location for trusted certificates
- used when validating digital signatures on packages. For example,
- if this setting is /var/sadm/security, then pkgadd will use
- /var/sadm/security/pkgadd/truststore, then /var/sadm/secu-
- rity/truststore when searching for trusted certificates. See KEY-
- STORE LOCATIONS and KEYSTORE AND CERTIFICATE FORMATS in pkgadd(8)
- for details on certificate store format and usage.
-
-
- proxy
-
- The default proxy to use when installing packages from the network.
- Currently, only HTTP or HTTPS proxies are supported. If this field
- is blank or non-existent, then no proxy will be used.
-
-
rscriptalt=root | noaccess
Determines the user that will run request scripts. This parameter
@@ -336,11 +284,6 @@
conflict=ask
action=ask
basedir=default
- authentication=quit
- networktimeout=10
- networkretries=3
- keystore=/var/sadm/security
- proxy=
@@ -361,11 +304,6 @@
idepend=quit
rdepend=quit
space=quit
- authentication=quit
- networktimeout=10
- networkretries=5
- keystore=/opt/certs
- proxy=syrinx.eng.example.com:8080
@@ -401,4 +339,4 @@
-Oracle Solaris 11.4 30 Sept 2016 admin(5)
+Oracle Solaris 11.4 26 Apr 2023 admin(5)
diff -NurbBw 11.4.57/man5/nfs.5 11.4.60/man5/nfs.5
--- 11.4.57/man5/nfs.5 2023-08-23 17:32:54.829831355 -0700
+++ 11.4.60/man5/nfs.5 2023-08-23 17:33:23.713117290 -0700
@@ -123,7 +123,8 @@
Grace period, in seconds, that all clients (both NLM and NFSv4)
have to reclaim locks after a server reboot. This parameter also
controls the NFSv4 lease interval and overrides the deprecated set-
- ting LOCKD_GRACE_PERIOD. The default is 90.
+ ting LOCKD_GRACE_PERIOD. The default is 90. The minimum allowed
+ value is 15.
server_enable_idmap=on|off
@@ -245,4 +246,4 @@
-Oracle Solaris 11.4 6 May 2021 nfs(5)
+Oracle Solaris 11.4 22 Mar 2023 nfs(5)
diff -NurbBw 11.4.57/man5/pam.conf.5 11.4.60/man5/pam.conf.5
--- 11.4.57/man5/pam.conf.5 2023-08-23 17:32:54.868408315 -0700
+++ 11.4.60/man5/pam.conf.5 2023-08-23 17:33:23.751203717 -0700
@@ -17,7 +17,7 @@
for PAM.
- The PAM library (libpam(3LIB)) looks for the PAM configuration in the
+ The PAM library, libpam(3LIB), looks for the PAM configuration in the
following files in the order listed:
1. /etc/pam.conf for the current PAM service name
@@ -71,7 +71,7 @@
The pam.conf file contains a listing of services. Each service is
paired with a corresponding service module. When a service is
requested, its associated module is invoked. Each entry may be a maxi-
- mum of 256 characters, including the end of line, and must be one of
+ mum of 256 characters, including the end of line, and must be in one of
the following two formats:
service_name module_type control_flag module_path options
@@ -237,7 +237,7 @@
ately return the first non-optional failure value recorded without
calling any subsequent modules. That is, return this failure unless
a previous required service module failed. If a previous required
- service module failed, then returns the first of those values.
+ service module failed, then return the first of those values.
sufficient
@@ -325,13 +325,12 @@
In the case of su, the user is authenticated by the inhouse and auth-
- tok_get, dhkeys, and unix_auth authentication modules. Because the
- inhouse and the other authentication modules are required and requi-
- site, respectively, an error is returned back to the application if any
- module fails. In addition, if the requisite authentication (pam_auth-
- tok_get authentication) fails, the other authentication modules are
- never invoked, and the error is returned immediately back to the appli-
- cation.
+ tok_get, and unix_auth authentication modules. Because the inhouse and
+ the other authentication modules are required and requisite, respec-
+ tively, an error is returned back to the application if any module
+ fails. In addition, if the requisite authentication (pam_authtok_get
+ authentication) fails, the other authentication modules are never
+ invoked, and the error is returned immediately back to the application.
In the case of login, the required keyword for control_flag requires
@@ -378,7 +377,7 @@
/etc/pam.conf Traditional PAM configuration file
- /etc/pam.d/service Alternate PAM configuration files
+ /etc/pam.d/service Per-service PAM configuration files
/usr/lib/$ISA/libpam.so.1 File that implements the PAM framework
@@ -396,13 +395,11 @@
OTHER auth requisite pam_authtok_get.so.1
- OTHER auth required pam_dhkeys.so.1
OTHER auth required pam_unix_auth.so.1
OTHER auth required pam_unix_cred.so.1
OTHER account requisite pam_roles.so.1
OTHER account required pam_unix_account.so.1
OTHER session required pam_unix_session.so.1
- OTHER password required pam_dhkeys.so.1
OTHER password requisite pam_authtok_get.so.1
OTHER password requisite pam_authtok_check.so.1
OTHER password required pam_authtok_store.so.1
@@ -521,21 +518,39 @@
SEE ALSO
login(1), passwd(1), syslog(3C), libpam(3LIB), pam(3PAM),
- attributes(7), environ(7), pam_authtok_check(7), pam_authtok_get(7),
- pam_authtok_store(7), pam_dhkeys(7), pam_krb5(7), pam_passwd_auth(7),
- pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7),
- in.rlogind(8), in.rshd(8), in.telnetd(8), init(8), su(8), ttymon(8)
+ pam_eval(3PAM), attributes(7), environ(7), pam_authtok_check(7),
+ pam_authtok_get(7), pam_authtok_store(7), pam_krb5(7),
+ pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
+ pam_unix_session(7), pam_user_policy(7), su(8)
Chapter 1, Using Pluggable Authentication Modules in Managing Authenti-
cation in Oracle Solaris 11.4
HISTORY
- Support for pam.d was added in Oracle Solaris 11.1.0.
+ Support for per-service files in pam.d, and per-user configuration via
+ pam_user_policy(7), was added in Oracle Solaris 11.1.0.
Support for pam.conf was added in Solaris 2.6.
+ Support for the following control_flag keywords is available in Solaris
+ starting with the listed release:
+
+
+ +-------------------------------------------------+---------+
+ | KEYWORD |RELEASE |
+ +-------------------------------------------------+---------+
+ |definitive |11.1.0 |
+ +-------------------------------------------------+---------+
+ |include |11.0.0 |
+ +-------------------------------------------------+---------+
+ |binding |10 3/05 |
+ +-------------------------------------------------+---------+
+ |optional, required, requisite, sufficient |2.6 |
+ +-------------------------------------------------+---------+
+
+
-Oracle Solaris 11.4 21 Jun 2021 pam.conf(5)
+Oracle Solaris 11.4 15 Mar 2023 pam.conf(5)
diff -NurbBw 11.4.57/man5/pam.d.5 11.4.60/man5/pam.d.5
--- 11.4.57/man5/pam.d.5 2023-08-23 17:32:54.905625975 -0700
+++ 11.4.60/man5/pam.d.5 2023-08-23 17:33:23.791087270 -0700
@@ -17,7 +17,7 @@
for PAM.
- The PAM library (libpam(3LIB)) looks for the PAM configuration in the
+ The PAM library, libpam(3LIB), looks for the PAM configuration in the
following files in the order listed:
1. /etc/pam.conf for the current PAM service name
@@ -71,7 +71,7 @@
The pam.conf file contains a listing of services. Each service is
paired with a corresponding service module. When a service is
requested, its associated module is invoked. Each entry may be a maxi-
- mum of 256 characters, including the end of line, and must be one of
+ mum of 256 characters, including the end of line, and must be in one of
the following two formats:
service_name module_type control_flag module_path options
@@ -237,7 +237,7 @@
ately return the first non-optional failure value recorded without
calling any subsequent modules. That is, return this failure unless
a previous required service module failed. If a previous required
- service module failed, then returns the first of those values.
+ service module failed, then return the first of those values.
sufficient
@@ -325,13 +325,12 @@
In the case of su, the user is authenticated by the inhouse and auth-
- tok_get, dhkeys, and unix_auth authentication modules. Because the
- inhouse and the other authentication modules are required and requi-
- site, respectively, an error is returned back to the application if any
- module fails. In addition, if the requisite authentication (pam_auth-
- tok_get authentication) fails, the other authentication modules are
- never invoked, and the error is returned immediately back to the appli-
- cation.
+ tok_get, and unix_auth authentication modules. Because the inhouse and
+ the other authentication modules are required and requisite, respec-
+ tively, an error is returned back to the application if any module
+ fails. In addition, if the requisite authentication (pam_authtok_get
+ authentication) fails, the other authentication modules are never
+ invoked, and the error is returned immediately back to the application.
In the case of login, the required keyword for control_flag requires
@@ -378,7 +377,7 @@
/etc/pam.conf Traditional PAM configuration file
- /etc/pam.d/service Alternate PAM configuration files
+ /etc/pam.d/service Per-service PAM configuration files
/usr/lib/$ISA/libpam.so.1 File that implements the PAM framework
@@ -396,13 +395,11 @@
OTHER auth requisite pam_authtok_get.so.1
- OTHER auth required pam_dhkeys.so.1
OTHER auth required pam_unix_auth.so.1
OTHER auth required pam_unix_cred.so.1
OTHER account requisite pam_roles.so.1
OTHER account required pam_unix_account.so.1
OTHER session required pam_unix_session.so.1
- OTHER password required pam_dhkeys.so.1
OTHER password requisite pam_authtok_get.so.1
OTHER password requisite pam_authtok_check.so.1
OTHER password required pam_authtok_store.so.1
@@ -521,21 +518,39 @@
SEE ALSO
login(1), passwd(1), syslog(3C), libpam(3LIB), pam(3PAM),
- attributes(7), environ(7), pam_authtok_check(7), pam_authtok_get(7),
- pam_authtok_store(7), pam_dhkeys(7), pam_krb5(7), pam_passwd_auth(7),
- pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7),
- in.rlogind(8), in.rshd(8), in.telnetd(8), init(8), su(8), ttymon(8)
+ pam_eval(3PAM), attributes(7), environ(7), pam_authtok_check(7),
+ pam_authtok_get(7), pam_authtok_store(7), pam_krb5(7),
+ pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
+ pam_unix_session(7), pam_user_policy(7), su(8)
Chapter 1, Using Pluggable Authentication Modules in Managing Authenti-
cation in Oracle Solaris 11.4
HISTORY
- Support for pam.d was added in Oracle Solaris 11.1.0.
+ Support for per-service files in pam.d, and per-user configuration via
+ pam_user_policy(7), was added in Oracle Solaris 11.1.0.
Support for pam.conf was added in Solaris 2.6.
+ Support for the following control_flag keywords is available in Solaris
+ starting with the listed release:
+
+
+ +-------------------------------------------------+---------+
+ | KEYWORD |RELEASE |
+ +-------------------------------------------------+---------+
+ |definitive |11.1.0 |
+ +-------------------------------------------------+---------+
+ |include |11.0.0 |
+ +-------------------------------------------------+---------+
+ |binding |10 3/05 |
+ +-------------------------------------------------+---------+
+ |optional, required, requisite, sufficient |2.6 |
+ +-------------------------------------------------+---------+
+
+
-Oracle Solaris 11.4 21 Jun 2021 pam.conf(5)
+Oracle Solaris 11.4 15 Mar 2023 pam.conf(5)
diff -NurbBw 11.4.57/man5/xdf.conf.5 11.4.60/man5/xdf.conf.5
--- 11.4.57/man5/xdf.conf.5 2023-08-23 17:32:54.933562806 -0700
+++ 11.4.60/man5/xdf.conf.5 2023-08-23 17:33:23.818228848 -0700
@@ -25,9 +25,21 @@
ring_page_order=4;
+ATTRIBUTES
+ See attributes(7) for descriptions of the following attributes:
+
+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |x86 |
+ +-----------------------------+-----------------------------+
+ |Availability |driver/xvm/pv |
+ +-----------------------------+-----------------------------+
+
SEE ALSO
driver.conf(5)
-Oracle Solaris 11.4 10 May 2016 xdf.conf(5)
+Oracle Solaris 11.4 14 Jun 2023 xdf.conf(5)
diff -NurbBw 11.4.57/man7/cmi.7 11.4.60/man7/cmi.7
--- 11.4.57/man7/cmi.7 2023-08-23 17:32:54.999963820 -0700
+++ 11.4.60/man7/cmi.7 2023-08-23 17:33:23.881376473 -0700
@@ -1446,6 +1446,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
|Availability |system/cmi |
@@ -1457,4 +1459,4 @@
-Oracle Solaris 11.4 11 May 2021 cmi(7)
+Oracle Solaris 11.4 14 Jun 2023 cmi(7)
diff -NurbBw 11.4.57/man7/grub.7 11.4.60/man7/grub.7
--- 11.4.57/man7/grub.7 2023-08-23 17:32:55.030850014 -0700
+++ 11.4.60/man7/grub.7 2023-08-23 17:33:23.913257419 -0700
@@ -71,6 +71,18 @@
freshly-installed system, this file will not be present, so the admin-
istrator will need to create it.
+ATTRIBUTES
+ See attributes(7) for descriptions of the following attributes:
+
+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |x86 |
+ +-----------------------------+-----------------------------+
+ |Availability |system/boot/grub |
+ +-----------------------------+-----------------------------+
+
SEE ALSO
boot(8), bootadm(8)
@@ -93,4 +105,4 @@
-Oracle Solaris 11.4 11 May 2021 grub(7)
+Oracle Solaris 11.4 14 Jun 2023 grub(7)
diff -NurbBw 11.4.57/man7/pam_allow.7 11.4.60/man7/pam_allow.7
--- 11.4.57/man7/pam_allow.7 2023-08-23 17:32:55.060780225 -0700
+++ 11.4.60/man7/pam_allow.7 2023-08-23 17:33:23.945518731 -0700
@@ -8,7 +8,7 @@
ment PAM module to allow operations
SYNOPSIS
- pam_allow.so.1
+ pam_allow.so.1 [debug]
DESCRIPTION
The pam_allow module implements all the PAM service module functions
@@ -20,13 +20,13 @@
stacked above pam_allow.
- The following options are interpreted:
+ The following option is accepted:
debug Provides syslog(3C) debugging information at the LOG_AUTH |
LOG_DEBUG level.
-ERRORS
+RETURN VALUES
PAM_SUCCESS is always returned.
EXAMPLES
@@ -89,9 +87,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -99,14 +97,13 @@
attributes(7), pam_deny(7), pam_unix_cred(7)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
This module is intended to be used to either allow access to specific
- services names, or to all service names not specified (by specifying it
+ service names, or to all service names not specified (by specifying it
as the default service stack).
+HISTORY
+ The pam_allow module was introduced in Oracle Solaris 11.0.0.
+
-Oracle Solaris 11.4 23 May 2012 pam_allow(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_allow(7)
diff -NurbBw 11.4.57/man7/pam_authtok_check.7 11.4.60/man7/pam_authtok_check.7
--- 11.4.57/man7/pam_authtok_check.7 2023-08-23 17:32:55.093190904 -0700
+++ 11.4.60/man7/pam_authtok_check.7 2023-08-23 17:33:23.977287470 -0700
@@ -7,7 +7,7 @@
pam_authtok_check - authentication and password management module
SYNOPSIS
- pam_authtok_check.so.1
+ pam_authtok_check.so.1 [debug] [force_check] [server_policy]
DESCRIPTION
pam_authtok_check provides functionality to the Password Management
@@ -80,9 +80,9 @@
- The following option may be passed to the module:
+ The following options may be passed to the module:
- force_check If the PAM_NO_AUTHTOK_CHECK flag set, force_check
+ force_check If the PAM_NO_AUTHTOK_CHECK flag is set, force_check
ignores this flag. The PAM_NO_AUTHTOK_CHECK flag can
be set to bypass password checks (see pam_chauth-
tok(3PAM)).
@@ -115,9 +115,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -126,10 +126,23 @@
pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7), mkpwdict(8)
-NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+HISTORY
+ Support for the force_check option was added in Oracle Solaris 10 8/11
+ (Update 10).
+
+
+ Support for the server_policy option was added in Solaris 10 3/05.
+
+
+ The pam_authtok_check module was introduced in Solaris 9, and later
+ backported to patches for Solaris 8. This included support for the
+ debug option. Prior to that, these checks were performed in the
+ pam_unix module.
+
+
+ See the History section of the passwd(1) man page for the history of
+ the /etc/default/passwd configuration settings.
-Oracle Solaris 11.4 11 May 2021 pam_authtok_check(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_authtok_check(7)
diff -NurbBw 11.4.57/man7/pam_authtok_get.7 11.4.60/man7/pam_authtok_get.7
--- 11.4.57/man7/pam_authtok_get.7 2023-08-23 17:32:55.122928577 -0700
+++ 11.4.60/man7/pam_authtok_get.7 2023-08-23 17:33:24.008189149 -0700
@@ -7,32 +7,32 @@
pam_authtok_get - authentication and password management module
SYNOPSIS
- pam_authtok_get.so.1
+ pam_authtok_get.so.1 [debug]
DESCRIPTION
The pam_authtok_get service module provides password prompting func-
tionality to the PAM stack. It implements pam_sm_authenticate() and
pam_sm_chauthtok(), providing functionality to both the Authentication
- Stack and the Password Management Stack.
+ stack and the Password Management stack.
Authentication Service
- The implementation of pam_sm_authenticate(3PAM) prompts the user name
- if not set and then tries to get the authentication token from the pam
- handle. If the token is not set, it then prompts the user for a pass-
- word and stores it in the PAM item PAM_AUTHTOK. This module is meant to
- be the first module on an authentication stack where users are to
- authenticate using a keyboard.
+ The implementation of pam_sm_authenticate(3PAM) prompts for the user
+ name if not set and then tries to get the authentication token from the
+ pam handle. If the token is not set, it then prompts the user for a
+ password and stores it in the PAM item PAM_AUTHTOK. This module is
+ meant to be the first module on an authentication stack where users are
+ to authenticate using a keyboard.
Password Management Service
Due to the nature of the PAM Password Management stack traversal mecha-
nism, the pam_sm_chauthtok(3PAM) function is called twice. Once with
- the PAM_PRELIM_CHECK flag, and one with the PAM_UPDATE_AUTHTOK flag.
+ the PAM_PRELIM_CHECK flag, and once with the PAM_UPDATE_AUTHTOK flag.
In the first (PRELIM) invocation, the implementation of pam_sm_chauth-
tok(3PAM) moves the contents of the PAM_AUTHTOK (current authentication
- token) to PAM_OLDAUTHTOK, and subsequentially prompts the user for a
- new password. This new password is stored in PAM_AUTHTOK.
+ token) to PAM_OLDAUTHTOK, and then prompts the user for a new password.
+ This new password is stored in PAM_AUTHTOK.
If a previous module has set PAM_OLDAUTHTOK prior to the invocation of
@@ -51,8 +51,8 @@
debug syslog(3C) debugging information at the LOG_DEBUG level
-ERRORS
- The authentication service returns the following error codes:
+RETURN VALUES
+ The authentication service returns the following values:
PAM_SUCCESS Successfully obtains authentication token
@@ -61,7 +61,7 @@
- The password management service returns the following error codes:
+ The password management service returns the following values:
PAM_SUCCESS Successfully obtains authentication token
@@ -76,9 +76,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -87,10 +87,11 @@
pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
pam_unix_auth(7), pam_unix_session(7)
-NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+HISTORY
+ The pam_authtok_get module was introduced in Solaris 9, and later back-
+ ported to patches for Solaris 8. This included support for the debug
+ option. Prior to that, this work was performed in the pam_unix module.
-Oracle Solaris 11.4 5 Dec 2013 pam_authtok_get(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_authtok_get(7)
diff -NurbBw 11.4.57/man7/pam_authtok_store.7 11.4.60/man7/pam_authtok_store.7
--- 11.4.57/man7/pam_authtok_store.7 2023-08-23 17:32:55.152158284 -0700
+++ 11.4.60/man7/pam_authtok_store.7 2023-08-23 17:33:24.039248119 -0700
@@ -7,7 +7,7 @@
pam_authtok_store - password management module
SYNOPSIS
- pam_authtok_store.so.1
+ pam_authtok_store.so.1 [debug] [server_policy]
DESCRIPTION
pam_authtok_store provides functionality to the PAM password management
@@ -26,10 +26,10 @@
This module honors the PAM_REPOSITORY item, which, if set, specifies
which repository is to be updated. If PAM_REPOSITORY is unset, it fol-
- lows the nsswitch.conf(5).
+ lows the nsswitch.conf(5) configuration.
- The following option can be passed to the module:
+ The following options can be passed to the module:
debug syslog(3C) debugging information at the LOG_DEBUG
level
@@ -40,13 +40,13 @@
tion token before updating.
-ERRORS
- PAM_SUCCESS Successfully obtains authentication token
+RETURN VALUES
+ PAM_SUCCESS Successfully updated authentication token
- PAM_SYSTEM_ERR Fails to get username, service name, old password or
- new password, user name null or empty, or password
- null.
+ PAM_SYSTEM_ERR Failed to get username, service name, old password or
+ new password; user name was null or empty; or pass-
+ word was null.
ATTRIBUTES
@@ -56,9 +56,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -68,15 +68,17 @@
pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
If the PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any informa-
tion, and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not
set, a service module performs its default action.
+HISTORY
+ The pam_authtok_store module was introduced in Solaris 9, and later
+ backported to patches for Solaris 8. This included support for the
+ debug option. Prior to that, this work was performed in the pam_unix
+ module.
+
-Oracle Solaris 11.4 15 Jun 2011 pam_authtok_store(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_authtok_store(7)
diff -NurbBw 11.4.57/man7/pam_deny.7 11.4.60/man7/pam_deny.7
--- 11.4.57/man7/pam_deny.7 2023-08-23 17:32:55.193146050 -0700
+++ 11.4.60/man7/pam_deny.7 2023-08-23 17:33:24.071623374 -0700
@@ -8,21 +8,21 @@
PAM module to deny operations
SYNOPSIS
- pam_deny.so.1
+ pam_deny.so.1 [debug]
DESCRIPTION
The pam_deny module implements all the PAM service module functions and
returns the module type default failure return code for all calls.
- The following options are interpreted:
+ The following option is accepted:
debug syslog(3C) debugging information at the LOG_AUTH|LOG_DEBUG
levels
-ERRORS
- The following error codes are returned:
+RETURN VALUES
+ The following values are returned:
PAM_ACCT_EXPIRED If pam_sm_acct_mgmt is called.
@@ -105,6 +101,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Availability |system/library/pam-core |
+ +-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
|MT-Level |MT-Safe with exceptions |
@@ -118,14 +116,13 @@
pam_unix_session(7), privileges(7), su(8)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
The pam_deny module is intended to deny access to a specified service.
The other service name may be used to deny access to services not
explicitly specified.
+HISTORY
+ The pam_deny module was introduced in Solaris 10 3/05.
+
-Oracle Solaris 11.4 23 Jan 2023 pam_deny(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_deny(7)
diff -NurbBw 11.4.57/man7/pam_dhkeys.7 11.4.60/man7/pam_dhkeys.7
--- 11.4.57/man7/pam_dhkeys.7 2023-08-23 17:32:55.225050395 -0700
+++ 11.4.60/man7/pam_dhkeys.7 2023-08-23 17:33:24.102406070 -0700
@@ -7,7 +7,7 @@
pam_dhkeys - authentication Diffie-Hellman keys management module
SYNOPSIS
- pam_dhkeys.so.1
+ pam_dhkeys.so.1 [debug] [nowarn]
DESCRIPTION
The pam_dhkeys.so.1 service module provides functionality to two PAM
@@ -16,7 +16,7 @@
Secure RPC authentication differs from regular UNIX authentication
- because ONC RPCs use Secure RPC as the underlying security mechanism.
+ because ONC RPC uses Secure RPC as the underlying security mechanism.
The following options may be passed to the module:
@@ -52,8 +52,8 @@
data item called SUNW_OLDRPCPASS. This data item can be used by the
store module to effectively update the users secret keys.
-ERRORS
- The authentication service returns the following error codes:
+RETURN VALUES
+ The authentication service returns the following values:
PAM_SUCCESS Credentials set successfully.
@@ -66,7 +66,7 @@
PAM_AUTH_ERR No secret keys were set. PAM_AUTHTOK is not set, no
- credentials are present or there is a wrong pass-
+ credentials are present, or there is a wrong pass-
word.
@@ -74,7 +74,7 @@
- The authentication token management returns the following error codes:
+ The authentication token management returns the following values:
PAM_SUCCESS Old rpc password is set in SUNW_OLDRPCPASS
@@ -96,9 +96,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |legacy/security/rpc-authdes |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Obsolete Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -106,13 +106,28 @@
pam_authenticate(3PAM), pam_chauthtok(3PAM), pam_get_data(3PAM),
pam_get_item(3PAM), pam_set_data(3PAM), pam_setcred(3PAM), pam.conf(5),
attributes(7), pam_authtok_check(7), pam_authtok_get(7), pam_auth-
- tok_store(7), pam_passwd_auth(7), pam_unix_account(7),
+ tok_store(7), pam_passwd_auth(7), pam_gss_s4u(7), pam_unix_account(7),
pam_unix_auth(7), pam_unix_session(7)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+ The AUTH_DES authentication method used by pam_dhkeys is obsolete and
+ has been superseded in recommendation and practice by RPCSEC_GSS and
+ the Kerberos Version 5 GSS-API plugin. Support for AUTH_DES, including
+ the pam_dhkeys module may be removed in a future Support Repository
+ Update (SRU) of Oracle Solaris.
+HISTORY
+ The pam_dhkeys module was declared Obsolete in 2016 along with the rest
+ of the AUTH_DES authentication support. The pam_dhkeys module was
+ removed from the system provided PAM configuration files and moved to
+ the legacy/security/rpc-authdes package in the Oracle Solaris 11.4.21
+ release.
-Oracle Solaris 11.4 11 May 2021 pam_dhkeys(7)
+ The pam_dhkeys module was introduced in Solaris 9, and later backported
+ to patches for Solaris 8. This included support for the debug and
+ nowarn options.
+
+
+
+Oracle Solaris 11.4 15 Mar 2023 pam_dhkeys(7)
diff -NurbBw 11.4.57/man7/pam_dial_auth.7 11.4.60/man7/pam_dial_auth.7
--- 11.4.57/man7/pam_dial_auth.7 2023-08-23 17:32:55.257917609 -0700
+++ 11.4.60/man7/pam_dial_auth.7 2023-08-23 17:33:24.133193424 -0700
@@ -7,7 +7,7 @@
pam_dial_auth - authentication management PAM module for dialups
SYNOPSIS
- pam_dial_auth.so.1
+ pam_dial_auth.so.1 [debug]
DESCRIPTION
The pam_dial_auth module implements pam_sm_authenticate(3PAM) which
@@ -31,7 +31,7 @@
debug syslog(3C) debugging information at LOG_DEBUG level.
-ERRORS
+RETURN VALUES
If dialups(5) is not present, PAM_IGNORE is returned. Upon successful
completion of pam_sm_authenticate(), PAM_SUCCESS is returned. The fol-
lowing error codes are returned upon error:
@@ -55,7 +55,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Availability |system/library/pam-core |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -65,10 +67,14 @@
pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
pam_unix_auth(7), pam_unix_session(7)
-NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+HISTORY
+ The pam_dial_auth module was removed from the system provided PAM con-
+ figuration files in the Oracle Solaris 11.4.21 release.
+
+
+ The pam_dial_auth module was introduced in Solaris 2.6. This included
+ support for the debug option.
-Oracle Solaris 11.4 15 Jun 2011 pam_dial_auth(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_dial_auth(7)
diff -NurbBw 11.4.57/man7/pam_fm_notify.7 11.4.60/man7/pam_fm_notify.7
--- 11.4.57/man7/pam_fm_notify.7 2023-08-23 17:32:55.289021606 -0700
+++ 11.4.60/man7/pam_fm_notify.7 2023-08-23 17:33:24.163337781 -0700
@@ -8,7 +8,7 @@
count
SYNOPSIS
- /usr/lib/security/pam_fm_notify.so.1
+ pam_fm_notify.so.1 [debug] [nowarn]
DESCRIPTION
When PAM configurations for various sessions are updated to use the
@@ -27,16 +26,16 @@
nowarn Disables displaying the FMA statistics.
-
RETURN VALUES
pam_fm_notify.so.1 always returns PAM_IGNORE.
EXAMPLES
- Example 1 Configuring to display fm_statistics() for a ssh session
+ Example 1 Configuring to display FMA status for a login session
- In the /etc/pam.d/other just after the pam_unix_session.so.1 include:
+ In the appropriate /etc/pam.d/ file, just after the pam_unix_ses-
+ sion.so.1 line, include:
session optional pam_fm_notify.so.1
@@ -44,19 +43,12 @@
- Adding the pam_fm_notify.so.1 will display the following output on the
- beginning of ssh session (if there are any unresolved faults or
- alerts).
-
-
- Note -
-
+ Adding pam_fm_notify.so.1 will display output similar to the following
+ at the beginning of a login session, if there are any unresolved
+ faults, defects, or alerts.
-
- The system has 8 active faults and alerts. Run fmadm list for details
- and for more information, see the fmadm(8) man page.
-
+ NOTE: The system has 8 active faults; run 'fmadm list' for details.
ATTRIBUTES
@@ -66,12 +58,17 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Availability |system/library/pam-core |
+ +-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
libpam(3LIB), pam(3PAM), fmadm(8), fmd(8), fmstat(8)
+HISTORY
+ The pam_fm_notify module was introduced in Oracle Solaris 11.4.0.
+
-Oracle Solaris 11.4 22 Sept 2016 pam_fm_notify(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_fm_notify(7)
diff -NurbBw 11.4.57/man7/pam_gss_s4u.7 11.4.60/man7/pam_gss_s4u.7
--- 11.4.57/man7/pam_gss_s4u.7 2023-08-23 17:32:55.318387391 -0700
+++ 11.4.60/man7/pam_gss_s4u.7 2023-08-23 17:33:24.195394784 -0700
@@ -7,7 +7,7 @@
pam_gss_s4u - set credential PAM module for Services For Users (S4U)
SYNOPSIS
- /usr/lib/security/pam_gss_s4u.so.1
+ pam_gss_s4u.so.1 [debug] [nowarn]
DESCRIPTION
The pam_gss_s4u module attempts to obtain credentials on behalf of
@@ -17,17 +17,17 @@
those executed from cron(8) or at(1).
GSS-API Set Credential Module
- The GSS-API S4U module provides the set credential function for
- pam_sm_setcred(). The credentials can be set from initial authentica-
- tion credentials using the host's keys by stacking the
- pam_krb5_keytab(7) module before pam_gss_s4u(7). Subsequently, these
- credentials can be used to obtain credentials for itself on behalf of a
- user, S4U2Self. The resulting credentials can be used to obtain a ser-
- vice ticket for a target service on behalf of the user, S4U2Proxy.
+ The pam_gss_s4u module provides the set credential function pam_sm_set-
+ cred(). The credentials can be set from initial authentication creden-
+ tials using the host's keys by stacking the pam_krb5_keytab(7) module
+ before pam_gss_s4u(7). Subsequently, these credentials can be used to
+ obtain credentials for itself on behalf of a user, S4U2Self. The
+ resulting credentials can be used to obtain a service ticket for a tar-
+ get service on behalf of the user, S4U2Proxy.
- The following options can be passed to the GSS-API set credential mod-
- ule:
+ The following options can be passed to the pam_gss_s4u set credential
+ module:
debug Provides syslog(3C) debugging information at LOG_DEBUG level.
@@ -36,12 +36,11 @@
GSS-API Authentication Module
- The Kerberos key table authentication module provides the authentica-
- tion function for pam_sm_authenticate(). The function returns
- PAM_IGNORE.
+ The pam_gss_s4u module also provides the authentication function for
+ pam_sm_authenticete(). This function returns PAM_IGNORE.
-ERRORS
- The following error codes are returned for pam_sm_setcred():
+RETURN VALUES
+ The following values are returned for pam_sm_setcred():
PAM_CRED_UNAVAIL The initial authentication credentials does not
exist.
@@ -84,21 +81,33 @@
pam_krb5_keytab(7). Subsequently, these credentials will be used to
obtain S4U credentials for PAM_USER.
+FILES
+ /etc/security/pam_policy/gss_s4u
+
+ A pam.conf fragment suitable for use with pam_user_policy(7).
+
+
ATTRIBUTES
- See attributes(7) for a description of the following attribute:
+ See attributes(7) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Availability |service/security/kerberos-5 |
+ +-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
kinit(1), syslog(3C), libpam(3LIB), pam(3PAM), pam_sm(3PAM),
pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM), pam.conf(5),
- attributes(7), pam_krb5(7), pam_krb5_keytab(7)
+ attributes(7), pam_krb5(7), pam_krb5_keytab(7), pam_user_policy(7)
+
+HISTORY
+ The pam_gss_s4u module was introduced in Oracle Solaris 11.2.0. This
+ included support for the debug and nowarn options.
-Oracle Solaris 11.4 6 Feb 2020 pam_gss_s4u(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_gss_s4u(7)
diff -NurbBw 11.4.57/man7/pam_krb5_keytab.7 11.4.60/man7/pam_krb5_keytab.7
--- 11.4.57/man7/pam_krb5_keytab.7 2023-08-23 17:32:55.350818916 -0700
+++ 11.4.60/man7/pam_krb5_keytab.7 2023-08-23 17:33:24.228208901 -0700
@@ -8,7 +8,7 @@
the Kerberos key table file
SYNOPSIS
- /usr/lib/security/pam_krb5_keytab.so.1
+ pam_krb5_keytab.so.1 [debug] [nowarn]
DESCRIPTION
The pam_krb5_keytab module attempts to obtain initial credentials
@@ -40,8 +40,8 @@
tion function for pam_sm_authenticate(). The function returns
PAM_IGNORE.
-ERRORS
- The following error codes are returned for pam_sm_setcred():
+RETURN VALUES
+ The following values are returned for pam_sm_setcred():
PAM_CRED_UNAVAIL The system's key table file does not exist or the
system's principal was not found in the key table
@@ -104,22 +102,27 @@
For more information, see the pam_user_policy(7) man page.
-
ATTRIBUTES
- See attributes(7) for a description of the following attribute:
+ See attributes(7) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Availability |service/security/kerberos-5 |
+ +-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
kinit(1), syslog(3C), libpam(3LIB), pam(3PAM), pam_sm(3PAM),
pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM), pam.conf(5),
- attributes(7), pam_gss_s4u(7), pam_krb5(7)
+ attributes(7), kerberos(7), pam_gss_s4u(7), pam_krb5(7), pam_user_pol-
+ icy(7), usermod(8)
+
+HISTORY
+ The pam_krb5_keytab module was introduced in Oracle Solaris 11.2.0.
-Oracle Solaris 11.4 6 Feb 2020 pam_krb5_keytab(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_krb5_keytab(7)
diff -NurbBw 11.4.57/man7/pam_krb5_migrate.7 11.4.60/man7/pam_krb5_migrate.7
--- 11.4.57/man7/pam_krb5_migrate.7 2023-08-23 17:32:55.381878600 -0700
+++ 11.4.60/man7/pam_krb5_migrate.7 2023-08-23 17:33:24.278274067 -0700
@@ -8,7 +8,8 @@
migration of users feature
SYNOPSIS
- /usr/lib/security/pam_krb5_migrate.so.1
+ pam_krb5_migrate.so.1 [debug] [client_service=service-name] [quiet]
+ [expire_pw]
DESCRIPTION
The KerberosV5 auto-migrate service module for PAM provides functional-
@@ -46,7 +47,8 @@
ment that it be listed below pam_authtok_get(7) in the authentication
stack. Also, if pam_krb5_migrate is used in the authentication stack of
a particular service, it is mandatory that pam_krb5(7) be listed in the
- PAM account stack of that service for proper operation (see EXAMPLES).
+ PAM account stack of that service for proper operation (see the exam-
+ ples below).
OPTIONS
The following options can be passed to the KerberosV5 auto-migrate
@@ -57,12 +59,12 @@
Provides syslog(3C) debugging information at LOG_DEBUG level.
- client_service=<service name>
+ client_service=service-name
Name of the service used to authenticate to kadmind(8) defaults to
- host. This means that the module uses host/<nodename.fqdn> as its
+ host. This means that the module uses host/nodename.fqdn as its
client service principal name, KerberosV5 user principal creation
- operation or <service>/<nodename.fqdn> if this option is provided.
+ operation or service-name/nodename.fqdn if this option is provided.
quiet
@@ -181,22 +179,27 @@
account required pam_unix_account.so.1
-
ATTRIBUTES
- See attributes(7) for a description of the following attribute:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Availability |service/security/kerberos-5 |
+ +-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
syslog(3C), pam_acct_mgmt(3PAM), pam_authenticate(3PAM), pam_sm_authen-
- ticate(3PAM), pam.conf(5), attributes(7), pam_authtok_get(7),
- pam_krb5(7), kadmind(8)
+ ticate(3PAM), pam.conf(5), attributes(7), kerberos(7), pam_auth-
+ tok_get(7), pam_krb5(7), kadmind(8)
+
+HISTORY
+ The pam_krb5_migrate module was introduced in the Solaris 10 3/05
+ release, and backported to patches for Solaris 9.
-Oracle Solaris 11.4 9 Mar 2022 pam_krb5_migrate(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_krb5_migrate(7)
diff -NurbBw 11.4.57/man7/pam_krb5.7 11.4.60/man7/pam_krb5.7
--- 11.4.57/man7/pam_krb5.7 2023-08-23 17:32:55.439720631 -0700
+++ 11.4.60/man7/pam_krb5.7 2023-08-23 17:33:24.322239556 -0700
@@ -8,14 +8,14 @@
PAM modules for Kerberos V5
SYNOPSIS
- /usr/lib/security/pam_krb5.so.1
+ pam_krb5.so.1 [debug] [nowarn] [pkinit] [realm=realm_name]
DESCRIPTION
The Kerberos V5 service module for PAM provides functionality for all
four PAM modules: authentication, account management, session manage-
ment, and password management. The service module is a shared object
that can be dynamically loaded to provide the necessary functionality
- upon demand. Its path is specified in the PAM configuration file.
+ upon demand, as specified in the PAM configuration file.
Kerberos Authentication Module
The Kerberos V5 authentication component provides functions to verify
@@ -34,8 +34,8 @@
to get a service ticket for the local host service. For this to suc-
ceed, the local host's keytab file (/etc/krb5/krb5.keytab) must contain
the entry for the local host service. For example, in the file
- host/hostname.com@REALM, hostname.com is the fully qualified local
- hostname and REALM is the default realm of the local host as defined in
+ host/hostname@REALM, hostname is the fully qualified local hostname and
+ REALM is the default realm of the local host as defined in
/etc/krb5/krb5.conf. If the host entry is not found in the keytab file,
the authentication fails. Administrators can optionally disable this
"strict" verification by setting "verify_ap_req_nofail = false" in
@@ -82,12 +82,6 @@
this prompting.
- The pam_krb5 module sets the KRB5CCNAME shell environment variable upon
- successful authentication or password change to FILE:/tmp/volatile-
- user/uid/krb5cc_uid where uid is the UID of the user that pam_krb5
- authenticated.
-
-
If it is desirable to initially have the Kerberos V5 authentication
module try PKINIT Kerberos authentication and fall back to password
based Kerberos authentication then either the sufficient or optional
@@ -100,7 +94,7 @@
control flag should be set to sufficient.
- Only two instances of pam_krb5 are supported in a auth stack.
+ Only two instances of pam_krb5 are supported in an auth stack.
pam_sm_authenticate(3PAM) can be passed the following flag:
@@ -182,7 +176,8 @@
There could be possibilities that principals
names have collisions across multiple realms.
This could have a negative affect in environments
- that have n-strikes for authentication attempts.
+ that have n-strikes limits for authentication
+ attempts.
@@ -209,9 +204,9 @@
Kerberos V5 Session Management Module
- The Kerberos V5 session management component provides functions to ini-
- tiate pam_sm_open_session() and terminate pam_sm_close_session() Ker-
- beros sessions. For Kerberos V5, both pam_sm_open_session and
+ The Kerberos V5 session management component provides pam_sm_open_ses-
+ sion() to initiate, and pam_sm_close_session() to terminate Kerberos
+ sessions. For Kerberos V5, both pam_sm_open_session and
pam_sm_close_session() are null functions, returning PAM_IGNORE.
Kerberos V5 Password Management Module
@@ -251,7 +246,7 @@
Local policy for password strength enforced by pam_authtok_check(7) is
- bypassed, because kerberos passwords follow policy set by KDC (a.k.a.
+ bypassed, because Kerberos passwords follow policy set by KDC (a.k.a.
remote server policy). See examples section for more details.
@@ -282,8 +277,8 @@
debug Provides syslog(3C) debugging information at LOG_DEBUG level.
-ERRORS
- The following error codes are returned for pam_sm_authenticate():
+RETURN VALUES
+ The following values are returned for pam_sm_authenticate():
PAM_AUTH_ERR Authentication failure
@@ -324,7 +319,7 @@
- The following error codes are returned for pam_sm_acct_mgmt():
+ The following values are returned for pam_sm_acct_mgmt():
PAM_AUTH_ERR Authentication failure.
@@ -350,7 +345,7 @@
- The following error code is returned for pam_sm_open_session() and
+ The following value is returned for pam_sm_open_session() and
pam_sm_close_session():
PAM_IGNORE These two functions are null functions in pam_krb5:
@@ -405,11 +400,11 @@
Alternatively, to make this the default PAM policy for all users on the
- system, the PAM_POLICY= key in policy.conf can be edited to specify
+ system, the PAM_POLICY value in policy.conf can be set to specify
krb5_first. This is functionally equivalent to editing the PAM configu-
- ration on the system, /etc/pam.conf or /etc/pam.d/<service>, for all
- non-Kerberized services to insert pam_krb5 before the equivalent PAM
- modules which handle UNIX authentication with a control flag of 'suffi-
+ ration on the system, /etc/pam.conf or /etc/pam.d/service, for all non-
+ Kerberized services to insert pam_krb5 before the equivalent PAM mod-
+ ules which handle UNIX authentication with a control flag of 'suffi-
cient'. For example, the gdm-password service is configured as follows:
@@ -452,13 +449,12 @@
Also note there might be users with both credentials in such mixed
environment. For example user maria can have both passwords (local and
- kerberos) set. In such case PAM policy attempts to authenticate the
- user using kerberos. If kerberos fails,then PAM uses the same creden-
+ Kerberos) set. In this case PAM policy attempts to authenticate the
+ user using Kerberos. If Kerberos fails, then PAM uses the same creden-
tial the user has entered and retries with local password database
- using pam_unix_auth pam_unix_auth(7). The same principle applies to
- password change, PAM attempts to change kerberos password first, if it
- fails, then it tries to update local password.
-
+ using pam_unix_auth(7). The same principle applies to password change,
+ PAM attempts to change the Kerberos password first, if it fails, then
+ it tries to update the local password.
Example 2 Authenticating Users Through Kerberos Only Using Password-
based Authentication
@@ -481,10 +477,10 @@
Alternatively, to make this the default PAM policy for all users on the
- system, the PAM_POLICY= key in policy.conf can be edited to specify
+ system, the PAM_POLICY value in policy.conf can be set to specify
krb5_only. This is functionally equivalent to editing the PAM configu-
- ration on the system, /etc/pam.conf or /etc/pam.d/<service>, for all
- non-Kerberized services to replacing the PAM modules which handle UNIX
+ ration on the system, /etc/pam.conf or /etc/pam.d/service, for all non-
+ Kerberized services to replacing the PAM modules which handle UNIX
authentication, account management, and password management with
pam_krb5. For example, the gdm-password service is configured as fol-
lows:
@@ -564,10 +561,10 @@
Alternatively, to make this the default PAM policy for all users on the
- system, the PAM_POLICY= key in policy.conf can be edited to specify
+ system, the PAM_POLICY value in policy.conf can be set to specify
krb5_optional. This is functionally equivalent to editing the PAM con-
- figuration on the system, /etc/pam.conf or /etc/pam.d/<service>, for
- all non-Kerberized services to append pam_krb5 after the equivalent PAM
+ figuration on the system, /etc/pam.conf or /etc/pam.d/service, for all
+ non-Kerberized services to append pam_krb5 after the equivalent PAM
modules which handle UNIX authentication with a control flag of
'optional'. For example, the gdm-password service is configured as fol-
lows:
@@ -616,13 +614,12 @@
- Unlike krb5_first, user is always authenticated using local password.
- The PAM stack then uses the same password to obtain a kerberos tgt
- ticket so user does not need to do explicit kint(1)after obtaining a
- login shell. The same principle applies to password change. passwd(1)
- changes local password first, if it is successful it tries to change
- kerberos password.
-
+ Unlike krb5_first, the user is always authenticated using their local
+ password. The PAM stack then uses the same password to obtain a Ker-
+ beros TGT so the user does not need to explicitly run kinit(1) after
+ obtaining a login shell. The same principle applies to password change.
+ passwd(1) changes the local password first, then if it is successful it
+ tries to change the Kerberos password.
Example 4 Authenticating Users Through Kerberos PKINIT as First Choice
@@ -793,11 +766,10 @@
For example:
-
gdm-password auth definitive pam_user_policy.so.1
gdm-password auth required pam_unix_cred.so.1
gdm-password auth sufficient pam_krb5.so.1
- gdm-password auth sufficient pam_krb5.so.1 realm=EXAMPLE1.COM
+ gdm-password auth sufficient pam_krb5.so.1 realm=EXAMPLE.COM
gdm-password auth required pam_unix_auth.so.1
@@ -803,10 +775,9 @@
-
This will cause an initial authentication attempt for default_realm, as
configured in the /etc/krb5/krb5.conf file, realm first. If this fails
- then an initial authentication attempt for the EXAMPLE1.COM is
+ then an initial authentication attempt for the EXAMPLE.COM realm is
attempted.
ATTRIBUTES
@@ -816,6 +787,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Availability |service/security/kerberos-5 |
+ +-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
@@ -824,17 +797,17 @@
pam_sm(3PAM), pam_sm_acct_mgmt(3PAM), pam_sm_authenticate(3PAM),
pam_sm_chauthtok(3PAM), pam_sm_close_session(3PAM), pam_sm_open_ses-
sion(3PAM), pam_sm_setcred(3PAM), pam_user_policy(7), pam.conf(5),
- attributes(7), pam_krb5_migrate(7), ktkt_warnd(8)
+ attributes(7), kerberos(7), pam_krb5_migrate(7), pam_user_policy(7),
+ ktkt_warnd(8), usermod(8)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
On successful acquisition of initial credentials (ticket-granting
ticket), ktkt_warnd(8) is notified, to alert the user when the initial
credentials are about to expire.
+HISTORY
+ The pam_krb5 module was introduced in Solaris 8.
+
-Oracle Solaris 11.4 6 Feb 2020 pam_krb5(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_krb5(7)
diff -NurbBw 11.4.57/man7/pam_ldap.7 11.4.60/man7/pam_ldap.7
--- 11.4.57/man7/pam_ldap.7 2023-08-23 17:32:55.476994280 -0700
+++ 11.4.60/man7/pam_ldap.7 2023-08-23 17:33:24.355721162 -0700
@@ -8,7 +8,7 @@
for LDAP
SYNOPSIS
- /usr/lib/security/pam_ldap.so.1
+ pam_ldap.so.1 [debug] [nowarn]
DESCRIPTION
The pam_ldap module implements pam_sm_authenticate(3PAM),
@@ -42,7 +42,7 @@
When stacked together, the UNIX modules are used to control local
accounts, such as root. pam_ldap is used to control network accounts,
that is, LDAP users. For the stacks to work, pam_unix_auth,
- pam_unix_account, pam_passwd_auth, pam_authtok_check and pam_auth-
+ pam_unix_account, pam_passwd_auth, pam_authtok_check, and pam_auth-
tok_store must be configured with the binding control flag and the
server_policy option. This configuration allows local account override
of a network account.
@@ -99,8 +99,8 @@
- These options are case sensitive, and the options must be used exactly
- as presented here.
+ These options are case sensitive and must be used exactly as presented
+ here.
LDAP Password Management Module
There are multiple ways to configure password management for LDAP. Each
@@ -116,11 +116,11 @@
- These options are case sensitive, and the options must be used exactly
- as presented here.
+ These options are case sensitive and must be used exactly as presented
+ here.
-ERRORS
- The authentication service returns the following error codes:
+RETURN VALUES
+ The authentication service returns the following values:
PAM_SUCCESS The authentication was successful.
@@ -145,7 +145,7 @@
- The account management service returns the following error codes:
+ The account management service returns the following values:
PAM_SUCCESS The user was allowed access to the account.
@@ -241,10 +241,10 @@
The following PAM stacks are for password management using pam_auth-
- tok_store when the PAM configuration is in /etc/pam.conf both local
- (/etc/default/passwd) and, if configured, directory server password
- qualification is desired. Lines that begin with the # symbol are com-
- ments and are ignored.
+ tok_store when the PAM configuration is in /etc/pam.conf, and both
+ local (/etc/default/passwd) and, if configured, directory server pass-
+ word qualification is desired. Lines that begin with the # symbol are
+ comments and are ignored.
# Password management (authentication)
@@ -365,18 +363,31 @@
more information, see pam_user_policy(7).
FILES
- /var/ldap/ldap_client_file The LDAP configuration files of the
- /var/ldap/ldap_client_cred client. Do not manually modify these
- files, as these files might not be human
- readable. Use ldapclient(8) to update
- these files.
+ /var/ldap/ldap_client_file
+ /var/ldap/ldap_client_cred
+
+ The LDAP configuration files of the client. Do not manually modify
+ these files, as these files might not be human readable. Use ldap-
+ client(8) to update these files.
+
+ /etc/pam.conf
- /etc/pam.conf PAM configuration file.
+ Traditional PAM configuration file.
- /etc/pam.d/service Alternate PAM configuration files.
+ /etc/pam.d/service
+
+ Per-service PAM configuration files.
+
+
+ /etc/security/pam_policy/ldap
+
+ A pam.conf fragment suitable for use with pam_user_policy(7). Uses
+ pam_ldap for authentication, account management, and password man-
+ agement for LDAP users, and the UNIX PAM modules for authentica-
+ tion, account management, and password management for UNIX users.
ATTRIBUTES
@@ -386,9 +397,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/ldap |
+-----------------------------+-----------------------------+
- |MT-Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -398,7 +409,7 @@
pam.conf(5), attributes(7), ldap(7), pam_authtok_check(7), pam_auth-
tok_get(7), pam_authtok_store(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), pam_user_policy(7), idscon-
- fig(8), ldap_cachemgr(8), ldapclient(8)
+ fig(8), ldap_cachemgr(8), ldapclient(8), usermod(8)
In Working With Oracle Solaris 11.4 Directory and Naming Services: LDAP
@@ -409,14 +420,17 @@
Public Key Authentication."
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+ The functions pam_sm_setcred(3PAM), pam_sm_open_session(3PAM), and
+ pam_sm_close_session(3PAM) in pam_ldap do nothing and return
+ PAM_IGNORE.
+
+HISTORY
+ The /etc/security/pam_policy/ldap file was added in Oracle Solaris
+ 11.1.0.
- The functions: pam_sm_setcred(3PAM), pam_sm_open_session(3PAM), and
- pam_sm_close_session(3PAM) do nothing and return PAM_IGNORE in
- pam_ldap.
+ The pam_ldap module was introduced in Solaris 8.
-Oracle Solaris 11.4 23 Jan 2023 pam_ldap(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_ldap(7)
diff -NurbBw 11.4.57/man7/pam_list.7 11.4.60/man7/pam_list.7
--- 11.4.57/man7/pam_list.7 2023-08-23 17:32:55.510953780 -0700
+++ 11.4.60/man7/pam_list.7 2023-08-23 17:33:24.388530843 -0700
@@ -7,23 +7,23 @@
pam_list - PAM account management module for UNIX
SYNOPSIS
- pam_list.so.1
+ pam_list.so.1 [allow=file | deny=file | compat] [debug] [user] [auser]
+ [nouser] [group] [host] [nohost] [norole] [role] [user_host_exact]
DESCRIPTION
The pam_list module implements pam_sm_acct_mgmt(3PAM), which provides
functionality to the PAM account management stack. The module provides
functions to validate that the user's account is valid on this host
- based on a list of users and/or netgroups in the given file. The users
- groups and netgroups are separated by newline character. Groups are
- specified with character '%' as a prefix. Netgroups are specified with
- character '@' as prefix before name of netgroup in the list. The maxi-
- mum line length is 1023 characters. A line containing a single '*'
+ based on a list of users and/or netgroups in the given file. The users,
+ groups, and netgroups are separated by newline character. Groups are
+ specified with a '%' character as a prefix. Netgroups are specified
+ with a '@' character as a prefix. A line containing a single '*'
matches any user/group/netgroup. A line starting with a '#' is treated
- as a comment.
+ as a comment. The maximum line length is 1023 characters.
The username is the value of PAM_USER. The host is the value of
- PAM_RHOST or, if PAM_RHOST is not set, the value of the localhost as
+ PAM_RHOST or, if PAM_RHOST is not set, the name of the local host as
returned by gethostname(3C) is used.
@@ -31,7 +31,7 @@
module will look for +/- entries in the local /etc/passwd file. If this
style is used, nsswitch.conf(5) must not be configured with compat for
the passwd database. If no relevant +/- entry exists for the user,
- pam_list is not participating in result.
+ pam_list is not participating in the result.
If compat option is specified then the module will look for +/- entries
@@ -46,7 +46,7 @@
The following options can be passed to the module:
- allow= The full pathname to a file of allowed users and/or
+ allow=file The full pathname to a file of allowed users and/or
netgroups. Only one of allow= or deny= can be speci-
fied.
@@ -54,7 +54,7 @@
compat Activate compat mode.
- deny= The full pathname to a file of denied users and/or
+ deny=file The full pathname to a file of denied users and/or
netgroups. Only one of deny= or allow= can be speci-
fied.
@@ -100,8 +100,8 @@
user_host_exact The user and hostname must be in the same netgroup.
-ERRORS
- The following error values are returned:
+RETURN VALUES
+ The following values are returned:
PAM_SERVICE_ERR An invalid set of module options was specified in
the PAM configuration (see pam.conf(5)) for this
@@ -203,19 +201,37 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT-Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
-
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multithreaded application uses its own PAM handle.
-
SEE ALSO
syslog(3C), libpam(3LIB), pam_authenticate(3PAM), pam(3PAM),
pam_sm_acct_mgmt(3PAM), nsswitch.conf(5), pam.conf(5), attributes(7)
+HISTORY
+ The auser option was added in Oracle Solaris 11.4.35.
+
+
+ Support for using '*' as a wildcard entry, and for '#' to start comment
+ lines, was added in Oracle Solaris 11.3.31.
+
+
+ The group option, and support for using a '%' prefix to denote groups,
+ was added in Oracle Solaris 11.3.24.
+
+
+ The role and norole options were added in Oracle Solaris 11.0.0.
+
+
+ The compat option was added in Oracle Solaris 10 9/10 (Update 9).
+
+
+ The pam_list module was introduced in Solaris 10 8/08 (Update 6),
+ including support for the allow, deny, user, nouser, host, nohost, and
+ user_host_exact options.
+
-Oracle Solaris 11.4 April 2021 pam_list(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_list(7)
diff -NurbBw 11.4.57/man7/pam_otp_auth.7 11.4.60/man7/pam_otp_auth.7
--- 11.4.57/man7/pam_otp_auth.7 2023-08-23 17:32:55.545548127 -0700
+++ 11.4.60/man7/pam_otp_auth.7 2023-08-23 17:33:24.418885276 -0700
@@ -6,6 +6,9 @@
NAME
pam_otp_auth - PAM authentication
+SYNOPSIS
+ pam_otp_auth.so.1
+
DESCRIPTION
The pam_otp_auth module implements pam_sm_authenticate(), which pro-
vides functionality to the PAM authentication stack. It effectuates a
@@ -37,10 +40,8 @@
The module does not support any options.
-ERRORS
- The following error codes are returned from pam_sm_authenticate() func-
- tion:
-
+RETURN VALUES
+ The following values are returned from pam_sm_authenticate() function:
PAM_AUTH_ERR Authentication failure.
@@ -64,18 +65,57 @@
-
- The following error code is returned from pam_sm_setcred() function:
-
+ The following value is returned from pam_sm_setcred() function:
PAM_IGNORE Ignores this module regardless of the control flag.
+FILES
+ These configurations may be enabled on a system-wide basis by setting
+ PAM_POLICY in policy.conf(5), or on a per-user basis by setting that
+ user's login PAM stack to one of the following policies using usermod
+ -K pam_policy=filename.
+
+ /etc/security/pam_policy/otp
+
+ Uses UNIX authentication (UNIX passwords) combined with One-Time
+ Passwords (HOTP or TOTP). With this configuration, the user will be
+ prompted for an OTP code only after the correct UNIX password has
+ been entered.
+
+
+ /etc/security/pam_policy/otp_strict
+
+ Uses UNIX authentication (UNIX passwords) combined with One-Time
+ Passwords (HOTP or TOTP). With this configuration, the user will be
+ prompted to enter an OTP code regardless of whether the correct
+ UNIX password was entered. In the case of an unsuccessful login,
+ the user will not be informed whether the UNIX password or OTP code
+ was invalid. If the user is using TOTP and the correct OTP code is
+ presented with an incorrect UNIX password, the user will have to
+ wait for a new time-based code to be available (typically up to 30
+ seconds) before authentication is possible.
+
+
+ATTRIBUTES
+ See attributes(7) for a description of the following attributes:
+
+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Availability |system/security/otp |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Committed |
+ +-----------------------------+-----------------------------+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_setcred(3PAM),
- pam.conf(5), pam_get_item(3PAM), pam_authtok_get(7)
+ pam.conf(5), pam_get_item(3PAM), pam_authtok_get(7), pam_user_policy(7)
+
+HISTORY
+ The pam_otp_auth module was introduced in Oracle Solaris 11.3.14.
-Oracle Solaris 11.4 31 Jan 2017 pam_otp_auth(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_otp_auth(7)
diff -NurbBw 11.4.57/man7/pam_passwd_auth.7 11.4.60/man7/pam_passwd_auth.7
--- 11.4.57/man7/pam_passwd_auth.7 2023-08-23 17:32:55.578148700 -0700
+++ 11.4.60/man7/pam_passwd_auth.7 2023-08-23 17:33:24.449495834 -0700
@@ -7,7 +7,7 @@
pam_passwd_auth - authentication module for password
SYNOPSIS
- pam_passwd_auth.so.1
+ pam_passwd_auth.so.1 [debug] [nowarn] [server_policy]
DESCRIPTION
pam_passwd_auth provides authentication functionality to the password
@@ -19,7 +19,7 @@
The name of the user whose password attributes are to be updated must
be present in the PAM_USER item. This can be accomplished due to a pre-
vious call to pam_start(3PAM), or explicitly set by pam_set_item(3PAM).
- Based on the current user-id and the repository that is to by updated,
+ Based on the current user-id and the repository that is to be updated,
the module determines whether a password is necessary for a successful
update of the password repository, and if so, which password is
required.
@@ -39,8 +39,8 @@
from the passwd entry in the name service switch.
-ERRORS
- The following error codes are returned:
+RETURN VALUES
+ The following values are returned:
PAM_BUF_ERR Memory buffer error
@@ -61,9 +61,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -74,14 +74,20 @@
sion(7)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
This module relies on the value of the current real UID, this module is
only safe for MT-applications that don't change UIDs during the call to
pam_authenticate(3PAM).
+HISTORY
+ Support for the server_policy option was added in Solaris 9 12/02
+ (Update 2).
+
+
+ The pam_authtok_check module was introduced in Solaris 9, and later
+ backported to patches for Solaris 8. This included support for the
+ debug and nowarn options. Prior to that, these checks were performed in
+ the pam_unix module.
+
-Oracle Solaris 11.4 11 May 2021 pam_passwd_auth(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_passwd_auth(7)
diff -NurbBw 11.4.57/man7/pam_radius_auth.7 11.4.60/man7/pam_radius_auth.7
--- 11.4.57/man7/pam_radius_auth.7 2023-08-23 17:32:55.612610109 -0700
+++ 11.4.60/man7/pam_radius_auth.7 2023-08-23 17:33:24.482370919 -0700
@@ -6,6 +6,10 @@
NAME
pam_radius_auth - PAM module for RADIUS authentication
+SYNOPSIS
+ pam_radius_auth.so.1 [config_file=file] [use_authtok] [echo_pass]
+ [nowarn] [debug]
+
DESCRIPTION
The pam_radius_auth module implements the pam_sm_authenticate() func-
tion, which provides functionality to the PAM authentication stack. It
@@ -16,18 +20,12 @@
request to the server, and validates the response. The module can be
configured either to prompt the user for a password, or to use the
value saved in PAM_AUTHTOK by a previous module. If the RADIUS server
- issues a challenge rather than accept or reject result, the module will
- continue the PAM conversation, prompting the user for a response to the
- challenge, and issues a new access request to the server. This may
- result in the user being prompted for multiple authentication tokens.
- In this case, the prompt seen by the user typically originates from the
- RADIUS server.
-
-
- If the RADIUS server issues a challenged rather than a simple accept or
- reject result, the module will continue the PAM conversation, prompting
- the user for a response to the challenge, and issue a new access
- request to the server.
+ issues a challenge rather than a simple accept or reject result, the
+ module will continue the PAM conversation, prompting the user for a
+ response to the challenge, and issuing a new access request to the
+ server. This may result in the user being prompted for multiple authen-
+ tication tokens. In this case, the prompt seen by the user typically
+ originates from the RADIUS server.
Authentication service modules must implement both pam_sm_authenti-
@@ -41,35 +39,37 @@
The following options can be passed to the module:
+ config_file=file
+
+ The absolute path of the RADIUS configuration file. The default
+ location is /etc/inet/pam_radius.conf. The svc:/sys-
+ tem/radius/client:default service instance automatically generates
+ this configuration file at the default location.
+
- config_file=<file> The absolute path of the radius configuration
- file. The default location is
- /etc/inet/pam_radius.conf. The svc:/sys-
- tem/radius/client:default service instance auto-
- matically generates this configuration file at
- the default location.
+ use_authtok
+ If set, this PAM module uses the password string saved in PAM_AUTH-
+ TOK, rather than prompting for a new password.
- use_authtok If set, this PAM module uses the password string
- saved in PAM_AUTHTOK, rather than prompting for a
- new password.
+ echo_pass
- echo_pass Echoes the characters entered by the user when
- prompted for a password. This value may be set
- when it is expected that the user is entering an
- OTP or challenge response that does not need to
- be kept secret. This option is ignored if
- use_authtok is set.
+ Echoes the characters entered by the user when prompted for a pass-
+ word. This value may be set when it is expected that the user is
+ entering an OTP or challenge response that does not need to be kept
+ secret. This option is ignored if use_authtok is set.
- nowarn Turn off warning messages.
+ nowarn
+ Turn off warning messages.
- debug syslog debugging information at LOG_DEBUG level.
- For more information, see the syslog(3C) man
- page.
+ debug
+
+ syslog debugging information at LOG_DEBUG level. For more informa-
+ tion, see the syslog(3C) man page.
CONFIGURATION
@@ -78,130 +78,118 @@
vide configuration and customization of the pam_radius_auth modules
behavior:
- o
+ Configuration File
+
pam_radius_conf/path astring
- Controls the location of the configuration file generated by
- this service instance. Combined with the config_file option
- to the PAM module, this is used to create different
- instances of the radius or client service participating in
- different RADIUS configurations.
+ Controls the location of the configuration file generated by this
+ service instance. Combined with the config_file option to the PAM
+ module, this is used to create different instances of the radius or
+ client service participating in different RADIUS configurations.
- o
+ Timeout
+
config/timeout integer
- Timeout waiting for a response from each RADIUS server.
- Defaults to 10 seconds.
+ Timeout waiting for a response from each RADIUS server. Defaults to
+ 10 seconds.
+
+ Network Access Server id
- o
config/nas_id astring
- Network Access Server identifier sent to RADIUS server.
- Defaults to hostname.
+ Network Access Server identifier sent to RADIUS server. Defaults to
+ hostname.
- o
+ TLS related parameters
- TLS related parameters
- - config/client_cert_file astring
- - config/client_key_file astring
- - config/ca_path astring
+ config/client_cert_file astring
+ config/client_key_file astring
+ config/ca_path astring
+ Certificates and key files are in PEM format with appropriate begin
+ or end guards. The file designated by client_cert_file must begin
+ with the client's end-entity certificate, followed by all necessary
+ intermediate certificates. ca_path may be either a file containing
+ the concatenation of all trusted CA certificates or a directory
+ containing distinct certificate files. If a directory is used, it
+ must be populated with symlinks appropriate for use by openssl.
+ This is typically done by running the c_rehash(1openssl) command on
+ that directory.
- Certificates and key files are in PEM format with appropri-
- ate begin or end guards. The file designated by
- client_cert_file must begin with the client's end-entity
- certificate, followed by all necessary intermediate certifi-
- cates. ca_path may be either a file containing the concate-
- nation of all trusted CA certificates or a directory con-
- taining distinct certificate files. If a directory is used,
- it must be populated with symlinks appropriate for use by
- openssl. This is typically done by running the c_rehash com-
- mand on that directory.
+ config/ciphers astring
- o
+ Allows the set of TLS ciphers used by using the openssl to be over-
+ ridden. For more information, see the ciphers(1openssl) man page.
- config/ciphers
- Allows the set of TLS ciphers used by using the openssl to
- be overridden. For more information, see the openssl ciphers
- man page.
- o
- config/tls_version_min
+ config/tls_version_min astring
- Sets the minimum TLS version. Valid values are 1.1 and 1.2.
- The default is 1.1.
+ Sets the minimum TLS version. Valid values are 1.1 and 1.2. The
+ default is 1.1.
- o
+ RADIUS replies
+
config/show_radius_replies boolean
- Should the module display reply messages be included in the
- ACCESS-ACCEPT or ACCESS-REJECT from the RADIUS server?
- Defaults to true.
+ Should the module display reply messages be included in the ACCESS-
+ ACCEPT or ACCESS-REJECT from the RADIUS server? Defaults to true.
+
+ Prompt Strings
- o
config/passwd_prompt_string ustring
The prompt is used when the pam_radius_auth module initially
- prompts the user for a password or other authentication
- token. This value is ignored if the use_authtok option is
- set for the module in the PAM policy.
+ prompts the user for a password or other authentication token. This
+ value is ignored if the use_authtok option is set for the module in
+ the PAM policy.
- o
-
config/chal_prompt_string ustring
Override the challenge prompt supplied by the RADIUS server.
- o
-
Server parameters
- The PAM module supports up to 5 radius servers. Multiple
- servers are supported to enable availability in cases where
- one or more servers can be down or unreachable. The selected
- server may be unpredictable and should not be relied upon.
+ The PAM module supports up to 5 radius servers. Multiple servers
+ are supported to enable availability in cases where one or more
+ servers can be down or unreachable. The selected server may be
+ unpredictable and should not be relied upon.
- o
-
config/server_list host
- Names or IP addresses of RADIUS servers, with optional port
- number e.g. "server1 server2:1812 192.168.0.2
- [2001::45]:2083"
-
+ Names or IP addresses of RADIUS servers, with optional port number
+ e.g. "server1 server2:1812 192.168.0.2 [2001::45]:2083"
- o
config/secret/radius ustring
- Shared secret for RADIUS server, an ASCII string. The RADIUS
- secret is not used for TLS and should not be set in that
- case. This property group requires the authorization
- solaris.radius.secret.read to read.
+ Shared secret for RADIUS server, an ASCII string. The RADIUS secret
+ is not used for TLS and should not be set in that case. This prop-
+ erty group requires the authorization solaris.radius.secret.read to
+ read.
-ERRORS
- The following error codes are returned from the pam_sm_authenticate()
- function:
-
+RETURN VALUES
+ The following values are returned from the pam_sm_authenticate() func-
+ tion:
PAM_AUTH_ERR Authentication failure
@@ -225,19 +213,53 @@
+ The following value is returned from the pam_sm_setcred() function:
- The following error code is returned from the pam_sm_setcred() func-
- tion:
+ PAM_IGNORE Ignores this module regardless of the control flag
- PAM_IGNORE Ignores this module regardless of the control flag
+FILES
+ These configurations may be enabled on a system-wide basis by setting
+ PAM_POLICY in policy.conf(5), or on a per-user basis by setting that
+ user's login PAM stack to one of the following policies using usermod
+ -K pam_policy=filename.
+
+ /etc/security/pam_policy/radius
+
+ Authenticates only via RADIUS.
+
+ /etc/security/pam_policy/ldap-radius-2fa
+ Authenticates via LDAP password with a RADIUS second factor.
+
+
+ /etc/security/pam_policy/unix-radius-2fa
+
+ Authenticates via UNIX password with a RADIUS second factor.
+
+
+ATTRIBUTES
+ See attributes(7) for descriptions of the following attributes:
+
+
+ +-----------------------------+------------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+------------------------------+
+ |Availability |system/security/radius/client |
+ +-----------------------------+------------------------------+
+ |Interface Stability |Committed |
+ +-----------------------------+------------------------------+
SEE ALSO
libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_setcred(3PAM),
- pam_get_item(3PAM), pam.conf(5), pam_authtok_get(7), openssl(7)
+ pam_get_item(3PAM), pam.conf(5), policy.conf(5), openssl(7), pam_auth-
+ tok_get(7), pam_ldap(7), pam_unix_auth(7), pam_user_policy(7), user-
+ mod(8)
+
+HISTORY
+ The pam_radius_auth module was introduced in Oracle Solaris 11.4.0.
-Oracle Solaris 11.4 08 May 2018 pam_radius_auth(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_radius_auth(7)
diff -NurbBw 11.4.57/man7/pam_rhosts_auth.7 11.4.60/man7/pam_rhosts_auth.7
--- 11.4.57/man7/pam_rhosts_auth.7 2023-08-23 17:32:55.648884862 -0700
+++ 11.4.60/man7/pam_rhosts_auth.7 2023-08-23 17:33:24.513506399 -0700
@@ -7,22 +7,21 @@
pam_rhosts_auth - authentication management PAM module using ruserok()
SYNOPSIS
- /usr/lib/security/pam_rhosts_auth.so.1
+ pam_rhosts_auth.so.1 [debug]
DESCRIPTION
The rhosts PAM module, /usr/lib/security/pam_rhosts_auth.so.1, authen-
ticates a user via the rlogin authentication protocol. Only
pam_sm_authenticate() is implemented within this module. pam_sm_authen-
ticate() uses the ruserok(3C) library function to authenticate the
- rlogin or rsh user. pam_sm_setcred() is a null function.
+ rlogin or rsh user. pam_sm_setcred() always returns PAM_IGNORE.
- /usr/lib/security/pam_rhosts_auth.so.1 is designed to be stacked on top
- of the /usr/lib/security/pam_unix.so.1 module for both the rlogin and
- rsh services. This module is normally configured as sufficient so that
- subsequent authentication is performed only on failure of
- pam_sm_authenticate(). The following option may be passed in to this
- service module:
+ The pam_rhosts_auth.so.1 module is designed to be stacked on top of the
+ pam_unix_auth(7) module for both the rlogin and rsh services. This mod-
+ ule is normally configured as sufficient so that subsequent authentica-
+ tion is performed only on failure of pam_sm_authenticate(). The follow-
+ ing option may be passed in to this service module:
debug syslog(3C) debugging information at LOG_DEBUG level.
@@ -34,17 +33,19 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Availability |system/library/pam-core |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
- syslog(3C), ruserok(3C), libpam(3LIB), pam(3PAM), pam_authenti-
- cate(3PAM), pam.conf(5), attributes(7)
+ ruserok(3C), syslog(3C), libpam(3LIB), pam(3PAM), pam_authenti-
+ cate(3PAM), pam.conf(5), attributes(7), pam_unix_auth(7)
-NOTES
- The interfaces in libpam() are MT-Safe only if each thread within the
- multi-threaded application uses its own PAM handle.
+HISTORY
+ The pam_rhosts_auth module was introduced in Solaris 2.6. This included
+ support for the debug option.
-Oracle Solaris 11.4 28 Oct 1996 pam_rhosts_auth(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_rhosts_auth(7)
diff -NurbBw 11.4.57/man7/pam_roles.7 11.4.60/man7/pam_roles.7
--- 11.4.57/man7/pam_roles.7 2023-08-23 17:32:55.681945854 -0700
+++ 11.4.60/man7/pam_roles.7 2023-08-23 17:33:24.545602493 -0700
@@ -7,7 +7,7 @@
pam_roles - Solaris Roles account management module
SYNOPSIS
- pam_roles.so.1
+ pam_roles.so.1 [allow_remote] [debug]
DESCRIPTION
The pam_roles module implements pam_sm_acct_mgmt(3PAM). It provides
@@ -16,18 +16,18 @@
used to determine which users can assume which roles.
- The PAM items PAM_USER and PAM_AUSER, and PAM_RHOST are used to deter-
- mine the outcome of this module. PAM_USER represents the new identity
- being verified. PAM_AUSER, if set, represents the user asserting a new
- identity. If PAM_AUSER is not set, the real user ID of the calling ser-
- vice implies that the user is asserting a new identity. Notice that
- root can never have roles.
+ The PAM items PAM_USER, PAM_AUSER, and PAM_RHOST are used to determine
+ the outcome of this module. PAM_USER represents the new identity being
+ verified. PAM_AUSER, if set, represents the user asserting a new iden-
+ tity. If PAM_AUSER is not set, the real user ID of the calling service
+ implies the user that is asserting a new identity. Notice that root can
+ never have roles.
This module is generally stacked above the pam_unix_account(7) module.
- The following options are interpreted:
+ The following options are accepted:
allow_remote Allows a remote service to specify the user to enter as
a role.
@@ -37,7 +37,7 @@
LOG_DEBUG level.
-ERRORS
+RETURN VALUES
The following values are returned:
PAM_IGNORE If the type of the new user identity (PAM_USER) is
@@ -135,9 +133,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -146,13 +144,9 @@
pam.conf(5), user_attr(5), attributes(7), pam_authtok_check(7),
pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
- pam_unix_session(7), sshd(8), su(8)
+ pam_unix_session(7), rbac(7), sshd(8), su(8)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
This module should never be stacked alone. It never returns PAM_SUC-
CESS, as it never makes a positive decision.
@@ -165,6 +159,14 @@
PAM_AUSER has replaced PAM_RUSER whose definition is limited to the
rlogin/rsh untrusted remote user name. See pam_set_item(3PAM).
+HISTORY
+ Support for the allow_remote option was added in Solaris 10 11/06
+ (Update 3).
+
+
+ The pam_roles module was introduced in Solaris 8. This included support
+ for the debug option.
+
-Oracle Solaris 11.4 25 Mar 2020 pam_roles(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_roles(7)
diff -NurbBw 11.4.57/man7/pam_sample.7 11.4.60/man7/pam_sample.7
--- 11.4.57/man7/pam_sample.7 2023-08-23 17:32:55.714466716 -0700
+++ 11.4.60/man7/pam_sample.7 2023-08-23 17:33:24.578831855 -0700
@@ -7,7 +7,13 @@
pam_sample - a sample PAM module
SYNOPSIS
- /usr/lib/security/pam_sample.so.1
+ SAMPLE Authentication Component
+ pam_sample.so.1 [debug] [pass=password] [first_pass_good]
+ [first_pass_bad] [always_fail] [always_succeed] [always_ignore]
+ [use_first_pass] [try_first_pass]
+
+ SAMPLE Account Management Component
+ pam_sample.so.1 [debug] [nowarn] [allow=name[,name...]]
DESCRIPTION
The SAMPLE service module for PAM is divided into four components:
@@ -15,7 +21,7 @@
management. The sample module is a shared object that is dynamically
loaded to provide the necessary functionality.
-SAMPLE AUTHENTICATION COMPONENT
+ SAMPLE Authentication Component
The SAMPLE authentication module provides functions to test the PAM
framework functionality using the pam_sm_authenticate(3PAM) call. The
SAMPLE module implementation of the pam_sm_authenticate(3PAM) function
@@ -27,7 +33,7 @@
debug Syslog debugging information at the LOG_DEBUG level.
- pass=newone Sets the password to be newone.
+ pass=password Sets the password to be password.
first_pass_good The first password is always good when used with the
@@ -69,7 +75,7 @@
always returns PAM_SUCCESS.
-SAMPLE ACCOUNT MANAGEMENT COMPONENT
+ SAMPLE Account Management Component
The SAMPLE Account Management Component implements a simple access con-
trol scheme that limits machine access to a list of authorized users.
The list of authorized users is supplied as option arguments to the
@@ -78,8 +84,8 @@
the root super user.
- The option field syntax to limit access is shown below: allow=
- name[,name] allow= name [allow=name]
+ The option field syntax to limit access is shown below:
+ allow=name[,name] allow=name [allow=name]
The example pam.conf shown below permits only larry to login directly.
@@ -96,22 +102,22 @@
The debug and nowarn options are also supported.
-SAMPLE PASSWORD MANAGEMENT COMPONENT
+ SAMPLE Password Management Component
The SAMPLE Password Management Component function ( pam_sm_chauth-
tok(3PAM)), always returns PAM_SUCCESS.
-SAMPLE SESSION MANAGEMENT COMPONENT
+ SAMPLE Session Management Component
The SAMPLE Session Management Component functions ( pam_sm_open_ses-
sion(3PAM), pam_sm_close_session(3PAM)) always return PAM_SUCCESS.
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -122,12 +128,11 @@
WARNINGS
This module should never be used outside of a closed debug environment.
The examples of the use_first_pass and try_first_pass options are obso-
- lete for all other Solaris delivered PAM service modules
+ lete for all other Solaris delivered PAM service modules.
-NOTES
- The interfaces in libpam() are MT-Safe only if each thread within the
- multi-threaded application uses its own PAM handle.
+HISTORY
+ The pam_sample module was introduced in Solaris 2.6.
-Oracle Solaris 11.4 5 Dec 2013 pam_sample(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_sample(7)
diff -NurbBw 11.4.57/man7/pam_smb_passwd.7 11.4.60/man7/pam_smb_passwd.7
--- 11.4.57/man7/pam_smb_passwd.7 2023-08-23 17:32:55.745072372 -0700
+++ 11.4.60/man7/pam_smb_passwd.7 2023-08-23 17:33:24.610465014 -0700
@@ -59,7 +59,7 @@
Stores SMB passwords for Solaris users.
-ERRORS
+RETURN VALUES
Upon successful completion of pam_sm_chauthtok(), PAM_SUCCESS is
returned. The following error codes are returned upon error:
@@ -96,9 +96,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |service/file-system/smb |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -106,13 +106,12 @@
pam_sm_chauthtok(3PAM), pam.conf(5), attributes(7), smbd(8)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
The pam_smb_passwd.so.1 module should be stacked following all password
qualification modules in the PAM password stack.
+HISTORY
+ The pam_smb_passwd module was introduced in Oracle Solaris 11.0.0.
+
-Oracle Solaris 11.4 19 Mar 2010 pam_smb_passwd(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_smb_passwd(7)
diff -NurbBw 11.4.57/man7/pam_smbfs_login.7 11.4.60/man7/pam_smbfs_login.7
--- 11.4.57/man7/pam_smbfs_login.7 2023-08-23 17:32:55.776549847 -0700
+++ 11.4.60/man7/pam_smbfs_login.7 2023-08-23 17:33:24.641668942 -0700
@@ -8,7 +8,7 @@
SMB/CIFS client login
SYNOPSIS
- pam_smb_cred.so.1
+ pam_smbfs_login.so.1 [debug] [nowarn]
DESCRIPTION
The pam_smbfs_login module implements pam_sm_setcred(3PAM) to provide
@@ -27,8 +27,7 @@
To use this functionality, an entry similar to the following line would
be added to the end of the existing authentication PAM stack in the
- appropriate /etc/pam.d/_service_
- file file:
+ appropriate /etc/pam.d/ service file:
auth optional pam_smbfs_login.so.1
@@ -82,7 +81,7 @@
Suppresses warning messages.
-ERRORS
+RETURN VALUES
Upon successful completion of pam_sm_authenticate(3PAM), PAM_IGNORE is
returned. The following error codes are returned upon error:
@@ -122,15 +119,15 @@
ATTRIBUTES
- See attributes(7) for descriptions of the following attribute:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/file-system/smb |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -138,10 +135,9 @@
pam_sm_authenticate(3PAM), pam_sm_chauthtok(3PAM), pam_sm_set-
cred(3PAM), smbfs(4FS), pam.conf(5), attributes(7), smbadm(8)
-NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+HISTORY
+ The pam_smbfs_login module was introduced in Oracle Solaris 11.0.0.
-Oracle Solaris 11.4 21 June 2016 pam_smbfs_login(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_smbfs_login(7)
diff -NurbBw 11.4.57/man7/pam_tsol_account.7 11.4.60/man7/pam_tsol_account.7
--- 11.4.57/man7/pam_tsol_account.7 2023-08-23 17:32:55.808685345 -0700
+++ 11.4.60/man7/pam_tsol_account.7 2023-08-23 17:33:24.673103077 -0700
@@ -7,14 +7,14 @@
pam_tsol_account - PAM account management module for Trusted Extensions
SYNOPSIS
- /usr/lib/security/pam_tsol_account.so.1
+ pam_tsol_account.so.1 [allow_unlabeled] [debug]
DESCRIPTION
The Solaris Trusted Extensions service module for PAM, /usr/lib/secu-
rity/pam_tsol_account.so.1, checks account limitations that are related
to labels. The pam_tsol_account.so.1 module is a shared object that can
be dynamically loaded to provide the necessary functionality upon
- demand. Its path is specified in the PAM configuration file.
+ demand, as specified in the PAM configuration files.
pam_tsol_account.so.1 contains a function to perform account manage-
@@ -68,30 +68,31 @@
ATTRIBUTES
- See attributes(7) for description of the following attributes:
+ See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
-
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
SEE ALSO
keylogin(1), syslog(3C), libpam(3LIB), pam(3PAM),
pam_sm_acct_mgmt(3PAM), pam_start(3PAM), label_encodings(5),
- pam.conf(5), user_attr(5), attributes(7)
+ pam.conf(5), user_attr(5), attributes(7), trusted_extensions(7)
NOTES
The functionality described on this manual page is available only if
the system is configured with Trusted Extensions.
+HISTORY
+ The pam_tsol_account module was added to Solaris in Solaris 10 4/08
+ (Update 5). Prior to that it was included in the Trusted Extensions
+ add-on for Solaris 10.
+
-Oracle Solaris 11.4 22 May 2012 pam_tsol_account(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_tsol_account(7)
diff -NurbBw 11.4.57/man7/pam_tty_tickets.7 11.4.60/man7/pam_tty_tickets.7
--- 11.4.57/man7/pam_tty_tickets.7 2023-08-23 17:32:55.840402929 -0700
+++ 11.4.60/man7/pam_tty_tickets.7 2023-08-23 17:33:24.706180975 -0700
@@ -7,12 +7,13 @@
pam_tty_tickets - PAM authentication module
SYNOPSIS
- pam_tty_tickets.so.1 [timeout=minutes] [sudo-compat] [debug]
+ pam_tty_tickets.so.1 [debug] [timeout=minutes] [sudo-compat]
DESCRIPTION
The pam_tty_tickets module provides a mechanism for checking a ticket
- that was created by a prior successful authentication. Tickets by
- default validity of 5 minutes.
+ that was created by a prior successful authentication on the same tty
+ or X11 display. Tickets are only valid for a limited time, by default 5
+ minutes.
The default ticket location includes both the source (PAM_AUSER) and
@@ -30,9 +31,9 @@
The pam_sm_authenticate() function checks the timestamp on the ticket
- is no older than the timeout value, if is then it returns PAM_SUCCESS.
- If it is older then the ticket is removed and the module returns
- PAM_IGNORE.
+ is no older than the timeout value. If is not older, then it returns
+ PAM_SUCCESS. If it is older then the ticket is removed and the module
+ returns PAM_IGNORE.
This module is intended to be placed in the auth stack with the suffi-
@@ -41,23 +42,26 @@
No messages are produced by this module using the PAM conversation
function. Some messages are sent to syslog for error conditions as as
- well as messages at LOG_INFO for ticket validity checking
+ well as messages at LOG_INFO for ticket validity checking.
The following options can be passed to the module:
- debug Debugging information is sent to syslog
- LOG_AUTH|LOG_DEBUG.
+ debug
+ Debugging information is sent to syslog LOG_AUTH|LOG_DEBUG.
- sudo-compat Location of the per user (per tty) tickets, matches the
- sudo location. When this option is set PAM_USER must be
- root otherwise the module returns PAM_IGNORE and tickets
- are not read or created.
+ sudo-compat
- timeout Validity time in minutes for a ticket. The default is 5
- minutes.
+ Location of the per user (per tty) tickets matches the sudo loca-
+ tion. When this option is set PAM_USER must be root otherwise the
+ module returns PAM_IGNORE and tickets are not read or created.
+
+
+ timeout=minutes
+
+ Validity time in minutes for a ticket. The default is 5 minutes.
EXAMPLES
@@ -88,17 +88,13 @@
for 10 minutes and uses the sudo location:
-
-
su auth required pam_unix_cred.so.1
su auth sufficient pam_tty_tickets.so.1 sudo-compat timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
-
-
-ERRORS
+RETURN VALUES
PAM_SUCCESS Ticket is valid
@@ -106,15 +102,15 @@
FILES
- /system/volatile/tty_tickets/<PAM_AUSER>/<PAM_USER>/<PAM_TTY>
+ /system/volatile/tty_tickets/PAM_AUSER/>PAM_USER/PAM_TTY
Default ticket location.
- /system/volatile/sudo/<PAM_AUSER>/<PAM_TTY>
+ /system/volatile/sudo/PAM_AUSER/PAM_TTY
- When used sudo-compat is set this file has the same format as those
- created by sudo.
+ When sudo-compat is set, tickets are stored in this file, in the
+ same format as those created by sudo(8).
ATTRIBUTES
@@ -124,6 +120,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Availability |system/library/pam-core |
+ +-----------------------------+-----------------------------+
|Interface Stability |See below. |
+-----------------------------+-----------------------------+
@@ -135,6 +133,9 @@
pam(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM),
attributes(7), su(8), sudo(8)
+HISTORY
+ The pam_tty_tickets module was introduced in Oracle Solaris 11.0.0.
+
-Oracle Solaris 11.4 6 Feb 2020 pam_tty_tickets(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_tty_tickets(7)
diff -NurbBw 11.4.57/man7/pam_unix_account.7 11.4.60/man7/pam_unix_account.7
--- 11.4.57/man7/pam_unix_account.7 2023-08-23 17:32:55.873355718 -0700
+++ 11.4.60/man7/pam_unix_account.7 2023-08-23 17:33:24.739007046 -0700
@@ -7,7 +7,7 @@
pam_unix_account - PAM account management module for UNIX
SYNOPSIS
- pam_unix_account.so.1
+ pam_unix_account.so.1 [debug] [nowarn] [server_policy]
DESCRIPTION
The pam_unix_account module implements pam_sm_acct_mgmt(), which pro-
@@ -30,8 +30,8 @@
o The user's account has not been inactive for too long
- o The /etc/nologin file is not present for non-root users (see
- nologin(5))
+ o The /etc/nologin file is not present for non-administrative
+ users (see nologin(5))
@@ -53,7 +53,7 @@
from the passwd entry in the name service switch.
-ERRORS
+RETURN VALUES
The following values are returned:
PAM_ACCT_EXPIRED User account has expired
@@ -97,14 +97,14 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), nss-
- witch.conf(5), pam.conf(5), attributes(7)
+ witch.conf(5), pam.conf(5), user_attr(5), attributes(7)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
@@ -114,6 +114,24 @@
Attempts to validate locked accounts are logged via syslog(3C) to the
LOG_AUTH facility with a LOG_NOTICE severity.
+HISTORY
+ Checking the current day and time against the restrictions set in the
+ access_times attribute in user_attr(5) was added to the
+ pam_unix_account module in Oracle Solaris 11.2.0.
+
+
+ The check for /etc/nologin was moved from the individual programs to
+ the pam_unix_account module in Oracle Solaris 11.2.0.
+
+
+ Support for the server_policy option was added in Solaris 10 3/05.
+
+
+ The pam_unix_account module was introduced in Solaris 9, and later
+ backported to patches for Solaris 8. This included support for the
+ debug and nowarn options. Prior to that, these checks were performed in
+ the pam_unix module.
+
-Oracle Solaris 11.4 23 Jan 2023 pam_unix_account(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_unix_account(7)
diff -NurbBw 11.4.57/man7/pam_unix_auth.7 11.4.60/man7/pam_unix_auth.7
--- 11.4.57/man7/pam_unix_auth.7 2023-08-23 17:32:55.906522367 -0700
+++ 11.4.60/man7/pam_unix_auth.7 2023-08-23 17:33:24.768423652 -0700
@@ -7,7 +7,7 @@
pam_unix_auth - PAM authentication module for UNIX
SYNOPSIS
- pam_unix_auth.so.1
+ pam_unix_auth.so.1 [debug] [nolock] [nowarn] [server_policy]
DESCRIPTION
The pam_unix_auth module implements pam_sm_authenticate(), which pro-
@@ -37,7 +37,7 @@
support automatic account locking. A successful authentication by this
module clears the failed login counter and reports the number of failed
attempts since the last successful authentication. Accounts that have
- been locked, may be configured to be automatically unlocked upon suc-
+ been locked may be configured to be automatically unlocked upon suc-
cessful authentication by configuring an unlock time (see user_attr(5)
and policy.conf(5)).
@@ -51,6 +51,19 @@
The following options can be passed to the module:
+ debug
+
+ syslog(3C) debugging information at the LOG_DEBUG level.
+
+
+ nolock
+
+ Regardless of the automatic account locking setting for the
+ account, do not lock the account, increment or clear the failed
+ login count. The nolock option allows for exempting account locking
+ on a per service basis.
+
+
nowarn
Turn off warning messages.
@@ -63,16 +76,8 @@
name service switch.
- nolock
-
- Regardless of the automatic account locking setting for the
- account, do not lock the account, increment or clear the failed
- login count. The nolock option allows for exempting account locking
- on a per service basis.
-
-
-ERRORS
- The following error codes are returned from pam_sm_authenticate():
+RETURN VALUES
+ The following values are returned from pam_sm_authenticate():
PAM_AUTH_ERR
@@ -115,7 +120,7 @@
- The following error codes are returned from pam_sm_setcred():
+ The following value is returned from pam_sm_setcred():
PAM_IGNORE
@@ -129,9 +134,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -144,15 +149,34 @@
usermod(8)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
If the PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any informa-
tion, and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not
set, a service module performs its default action.
+HISTORY
+ Support for unlocking accounts when either the UNLOCK_AFTER property is
+ set in policy.conf(5), or the unlock_after attribute is set in
+ user_attr(5), was added in Oracle Solaris 11.4.0.
+
+
+ Support for checking the roleauth attribute from user_attr(5) to deter-
+ mine if it should check for the role or user password was added in Ora-
+ cle Solaris 11.0.0.
+
+
+ Support for the nolock option and for locking accounts upon multiple
+ failed authentication attempts was added in Solaris 10 3/05.
+
+
+ Support for the server_policy option was added in Solaris 10 3/05.
+
+
+ The pam_unix_account module was introduced in Solaris 9, and later
+ backported to patches for Solaris 8. This included support for the
+ debug and nowarn options. Prior to that, these checks were performed in
+ the pam_unix module.
+
-Oracle Solaris 11.4 27 Oct 2014 pam_unix_auth(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_unix_auth(7)
diff -NurbBw 11.4.57/man7/pam_unix_cred.7 11.4.60/man7/pam_unix_cred.7
--- 11.4.57/man7/pam_unix_cred.7 2023-08-23 17:32:55.939387818 -0700
+++ 11.4.60/man7/pam_unix_cred.7 2023-08-23 17:33:24.800914285 -0700
@@ -7,7 +7,8 @@
pam_unix_cred - PAM user credential authentication module for UNIX
SYNOPSIS
- pam_unix_cred.so.1
+ pam_unix_cred.so.1 [debug] [nowarn]
+ [noannotation | annotation_prompt="prompt string"]
DESCRIPTION
The pam_unix_cred module implements pam_sm_setcred(3PAM). It provides
@@ -28,9 +29,9 @@
pam_sm_authenticate() in this module always returns PAM_IGNORE.
- pam_sm_setcred() initializes the user's project, privilege sets, ini-
- tializes or updates the user's audit context if it hasn't already been
- initialized, and sets the process clearance.
+ pam_sm_setcred() initializes the user's project and privilege sets,
+ initializes or updates the user's audit context if it hasn't already
+ been initialized, and sets the process clearance.
The new clearance is set to the lower bound of the current process
@@ -69,9 +70,14 @@
PAM_ESTABLISH_CRED
PAM_REINITIALIZE_CRED
- Prompt for an "audit record annotation string" for a PAM_USER, who
+ Prompt for an "audit record annotation string" for a PAM_USER who
is configured to request audit record annotation.
+ Create subdirectories for the user, if they don't already exist, in
+ the /var/user and /tmp/volatile-user directories. The persistent
+ /var/user subdirectory will not be created for users logging in
+ with an emphemeral user id.
+
PAM_DELETE_CRED
@@ -82,29 +88,33 @@
The following options are interpreted:
- debug Provides syslog(3C) debugging information at the
- LOG_DEBUG level.
+ debug
+
+ Provides syslog(3C) debugging information at the LOG_DEBUG level.
+
+ nowarn
- nowarn Disables any warning messages.
+ Disables any warning messages.
- noannotation Do not prompt for audit record annotation. It is
- an error to include this option and the annota-
- tion_prompt= option.
+ noannotation
+ Do not prompt for audit record annotation. It is an error to
+ include this option and the annotation_prompt= option.
- annotation_prompt= Provides a prompt string to override the default
- audit record annotation prompt of Session Annota-
- tion:. The prompt string must immediately follow
- the =. If the string following the = contains
- white space, it must be surrounded by quotation
- marks, for example annotation_prompt=My Prompt
- String. It is an error to include this option and
- the noannotation option.
+ annotation_prompt="prompt string"
-ERRORS
+ Provides a prompt string to override the default audit record anno-
+ tation prompt of Session Annotation:. The prompt string must imme-
+ diately follow the =. If the string following the = contains white
+ space, it must be surrounded by quotation marks, for example anno-
+ tation_prompt="My Prompt String". It is an error to include both
+ this option and the noannotation option.
+
+
+RETURN VALUES
Upon successful completion of pam_sm_setcred(), PAM_SUCCESS is
returned. The following error codes are returned upon error:
@@ -143,9 +153,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -158,13 +168,40 @@
leges(7), su(8)
NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
-
-
If this module is replaced, the audit context and credential may not be
correctly configured.
+HISTORY
+ Creation of a subdirectory under /tmp/volatile-user for the user was
+ added in Oracle Solaris 11.4.0.
+
+
+ Prompting for an audit record annotation string, along with support for
+ the annotation_prompt and noannotation options, was added in Oracle
+ Solaris 11.4.0.
+
+
+ Setting the process clearance level was added in Oracle Solaris 11.4.0.
+
+
+ Creation of a subdirectory under /var/user for the user was added in
+ Oracle Solaris 11.0.0.
+
+
+ Initializing privilege sets was added to pam_unix_cred in Solaris 10
+ 3/05, as part of the introduction of privilege sets to the operating
+ system.
+
+
+ Setting the project was added to pam_unix_cred in Solaris 10 3/05.
+ Prior Prior to that, this work was performed in the pam_project module.
+
+
+ The pam_unix_cred module was introduced in Solaris 9, and later back-
+ ported to patches for Solaris 8. This included support for the debug
+ and nowarn options. Prior to that, this work was performed in the
+ pam_unix module.
+
-Oracle Solaris 11.4 14 May 2018 pam_unix_cred(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_unix_cred(7)
diff -NurbBw 11.4.57/man7/pam_unix_session.7 11.4.60/man7/pam_unix_session.7
--- 11.4.57/man7/pam_unix_session.7 2023-08-23 17:32:55.972704012 -0700
+++ 11.4.60/man7/pam_unix_session.7 2023-08-23 17:33:24.832129716 -0700
@@ -7,7 +7,7 @@
pam_unix_session - session management PAM module for UNIX
SYNOPSIS
- pam_unix_session.so.1
+ pam_unix_session.so.1 [debug] [nowarn]
DESCRIPTION
The pam_unix_session module implements pam_sm_open_session(3PAM) and
@@ -45,7 +45,7 @@
login PAM_TEXT_INFO message.
-ERRORS
+RETURN VALUES
Upon successful completion, PAM_SUCCESS is returned. The following
error codes are returned upon error:
@@ -63,9 +63,9 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
@@ -73,11 +73,19 @@
witch.conf(5), pam.conf(5), attributes(7), pam_authtok_check(7),
pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
+ pam_unix_cred(7)
+
+HISTORY
+ The display of last login time was moved from the individual programs
+ to the pam_unix_session module in Oracle Solaris 11.3.0. This included
+ adding support for the nowarn option.
+
-NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+ The pam_unix_session module was introduced in Solaris 9, and later
+ backported to patches for Solaris 8. This included support for the
+ debug option. Prior to that, this work was performed in the pam_unix
+ module.
-Oracle Solaris 11.4 14 May 2018 pam_unix_session(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_unix_session(7)
diff -NurbBw 11.4.57/man7/pam_user_policy.7 11.4.60/man7/pam_user_policy.7
--- 11.4.57/man7/pam_user_policy.7 2023-08-23 17:32:56.005883748 -0700
+++ 11.4.60/man7/pam_user_policy.7 2023-08-23 17:33:24.865148756 -0700
@@ -7,7 +7,7 @@
pam_user_policy - PAM user authentication policy module
SYNOPSIS
- pam_user_policy.so.1
+ pam_user_policy.so.1 [debug]
DESCRIPTION
The pam_user_policy module causes a user-specific PAM configuration to
@@ -18,11 +18,11 @@
The PAM configuration to evaluate is determined by looking for a
- pam_policy key in a user's attributes (see user_attr(5)) or any rights
- profiles assigned to the user in user_attr or in a default rights pro-
- file granted in policy.conf(5), and then finally for any value assigned
- to PAM_POLICY in policy.conf. If no pam_policy key is found for the
- user, the pam_user_policy module returns PAM_IGNORE.
+ pam_policy key in a user's attributes or any rights profiles assigned
+ to the user in user_attr(5), or in a default rights profile granted in
+ policy.conf(5), and then finally for any value assigned to PAM_POLICY
+ in policy.conf. If no pam_policy key is found for the user, the
+ pam_user_policy module returns PAM_IGNORE.
Failure to obtain a user name is considered an error (see below).
@@ -30,14 +30,14 @@
This module should generally be stacked as the first module, possibly
as the only module, in a PAM service configuration using a control_flag
- value of 'definitive'. A control_flag value of 'sufficient' or 'bind-
- ing' may also work, depending on the PAM service and the contents of
- the user-specific PAM configuration.
+ value of definitive. A control_flag value of sufficient or binding may
+ also work, depending on the PAM service and the contents of the user-
+ specific PAM configuration.
The pathname to the user-specific PAM configuration file passed to
- pam_eval(3PAM) must be absolute so pam_user_policy prepends "/etc/secu-
- rity/pam_policy" to any non-absolute PAM configuration pathnames. The
+ pam_eval(3PAM) must be absolute so pam_user_policy prepends /etc/secu-
+ rity/pam_policy/ to any non-absolute PAM configuration pathnames. The
user-specific PAM configuration file has the same format as pam.conf
and must include the service name field just as /etc/pam.conf. For more
information, see the pam.conf(5) man page.
@@ -54,10 +54,10 @@
already set. If no user name can be obtained, PAM_IGNORE is returned.
- If assuming a role which has been configured with the roleauth=user
- attribute in the user_attr() function then the authenticated user name
- specified in PAM_AUSER, if set, is treated as the current user name.
- For more information, see the user_attr(5) man page.
+ If the user is assuming a role which has been configured with the
+ roleauth=user attribute in the user_attr database then the authenti-
+ cated user name specified in PAM_AUSER, if set, is treated as the cur-
+ rent user name. For more information, see the user_attr(5) man page.
The pam_user_policy authentication module then looks up the name of a
@@ -97,48 +97,92 @@
A number of pam.conf files for inclusion by pam_user_policy can be
found in /etc/security/pam_policy:
- unix Use only UNIX passwords for authentication, account
- management, and password management.
+ unix
+ Use only UNIX passwords for authentication, account management, and
+ password management.
- krb5_only Use Kerberos V5 only for authentication, account man-
- agement, and password management.
+ krb5_only
- krb5_first Use Kerberos V5 for authentication with fallback on
- UNIX authentication, use Kerberos V5 for account man-
- agement and password management for Kerberos users and
- UNIX for account management and password management
- for UNIX users.
+ Use only Kerberos V5 for authentication, account management, and
+ password management.
- krb5_optional Use UNIX for authentication, account management, and
- password management and then optionally using Kerberos
- V5 for authentication, account management and password
- management for Kerberos users.
+ krb5_first
+ Use Kerberos V5 for authentication with fallback on UNIX authenti-
+ cation, use Kerberos V5 for account management and password manage-
+ ment for Kerberos users, and UNIX for account management and pass-
+ word management for UNIX users.
- ldap Use pam_ldap(7) for authentication, account manage-
- ment, and password management for LDAP users and UNIX
- for authentication, account management, and password
- management for UNIX users.
+ krb5_optional
- any Try Kerberos V, LDAP and UNIX, in that order, and as
- sufficient, for authentication, account management,
- and password management.
+ Use UNIX for authentication, account management, and password man-
+ agement, and then optionally using Kerberos V5 for authentication,
+ account management and password management for Kerberos users.
- krb5_keytab Use pam_krb5_keytab for PAM authentication with Ker-
- beros through keytab and optionally, authentication
- through pam_gss_s4u for Services For Users (S4U). For
- more information, see the pam_gss_s4u(7) man page.
+ ldap
+ Use pam_ldap(7) for authentication, account management, and pass-
+ word management for LDAP users, and UNIX for authentication,
+ account management, and password management for UNIX users.
- gss_s4u Use pam_krb5_keytab for PAM authentication with Ker-
- beros through keytab and optionally, authentication
- through pam_gss_s4u for Services For Users (S4U). For
- more information, see the pam_gss_s4u(7) man page.
+
+ any
+
+ Try Kerberos V, LDAP and UNIX, in that order, and as sufficient,
+ for authentication, account management, and password management.
+
+
+ krb5_keytab
+
+ Use pam_krb5_keytab for PAM authentication with Kerberos through
+ keytab and optionally, authentication through pam_gss_s4u for Ser-
+ vices For Users (S4U). For more information, see the pam_gss_s4u(7)
+ man page.
+
+
+ gss_s4u
+
+ Use pam_krb5_keytab for PAM authentication with Kerberos through
+ keytab and optionally, authentication through pam_gss_s4u for Ser-
+ vices For Users (S4U). For more information, see the pam_gss_s4u(7)
+ man page.
+
+
+ radius
+
+ Authenticates only via RADIUS. For more information, see the
+ pam_radius_auth(7) man page.
+
+
+ ldap-radius-2fa
+
+ Authenticates via LDAP password with a RADIUS second factor.
+
+
+ unix-radius-2fa
+
+ Authenticates via UNIX password with a RADIUS second factor.
+
+
+ otp
+
+ Uses UNIX authentication (UNIX passwords) combined with One-Time
+ Passwords (HOTP or TOTP). With this configuration, the user will be
+ prompted for an OTP code only after the correct UNIX password has
+ been entered.
+
+
+ otp_strict
+
+ Uses UNIX authentication (UNIX passwords) combined with One-Time
+ Passwords (HOTP or TOTP). With this configuration, the user will be
+ prompted to enter an OTP code regardless of whether the correct
+ UNIX password was entered.
EXAMPLES
@@ -169,14 +212,13 @@
$ usermod -K pam_policy=custom curly
-
Example 3 Create a new profile.
The following example creates a new profile named "PAM Per-User Policy
- of LDAP" and assign it to user 'moe' indicating that pam_ldap(7) should
- be used for all PAM services. Alternatively the profile could be
+ of LDAP" and assigns it to user 'moe' indicating that pam_ldap(7)
+ should be used for all PAM services. Alternatively the profile could be
assigned to all users by adding it to PROFS_GRANTED in policy.conf(5).
@@ -206,20 +246,19 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
- |Interface Stability |Committed |
+ |Availability |system/library/pam-core |
+-----------------------------+-----------------------------+
- |MT-Level |MT-Safe with exceptions |
+ |Interface Stability |Committed |
+-----------------------------+-----------------------------+
SEE ALSO
syslog(3C), libpam(3LIB), pam(3PAM), pam_eval(3PAM),
pam_get_user(3PAM), pam_set_data(3PAM), pam.conf(5), policy.conf(5),
- prof_attr(5), user_attr(5), attributes(7), pam_ldap(7)
+ prof_attr(5), user_attr(5), attributes(7), pam_ldap(7), usermod(8)
-NOTES
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multithreaded application uses its own PAM handle.
+HISTORY
+ The pam_user_policy module was introduced in Oracle Solaris 11.1.0.
-Oracle Solaris 11.4 11 May 2021 pam_user_policy(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_user_policy(7)
diff -NurbBw 11.4.57/man7/pam_zfs_key.7 11.4.60/man7/pam_zfs_key.7
--- 11.4.57/man7/pam_zfs_key.7 2023-08-23 17:32:56.035632034 -0700
+++ 11.4.60/man7/pam_zfs_key.7 2023-08-23 17:33:24.896455235 -0700
@@ -7,7 +7,7 @@
pam_zfs_key - PAM user credential module for ZFS
SYNOPSIS
- pam_zfs_key.so.1 [create] [homes=]
+ pam_zfs_key.so.1 [create] [encryption] [force] [homes=path] [nowarn]
DESCRIPTION
The pam_zfs_key module implements pam_sm_setcred(3PAM) and pam_sm_chau-
@@ -18,14 +18,13 @@
ing of the ZFS encryption passphrase for encrypted file systems that
are mounted at the user's home directory location. Authentication ser-
vice modules must implement both pam_sm_authenticate() and pam_sm_set-
- cred().
+ cred(). pam_sm_authenticate() in this module always returns PAM_IGNORE.
- pam_sm_authenticate() in this module always returns PAM_IGNORE. If the
- user's home directory is located on a different ZFS dataset than
+ If the user's home directory is located on a different ZFS dataset than
rpool/export/home, the module option homes= can be used to specify
- that. It is the ZFS dataset name, not the mountpoint, which would usu-
- ally be /export/home/.
+ that. The specified value is the ZFS dataset name, not the mountpoint,
+ which would usually be /export/home/.
The last component of the ZFS dataset name must match the value of
@@ -97,7 +96,7 @@
doing PAM_DELETE_CRED.
- homes= Alternate location of ZFS datasets for user home directo-
+ homes=path Alternate location of ZFS datasets for user home directo-
ries. The default is rpool/export/home.
@@ -170,28 +159,26 @@
other password required pam_authtok_store.so.1
-
-
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+------------------------------------+
+ +-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+------------------------------------+
+ +-----------------------------+-----------------------------+
+ |Availability |system/file-system/zfs |
+ +-----------------------------+-----------------------------+
|Interface Stability |Committed |
- +-----------------------------+------------------------------------+
- |MT-Level |MT-Safe with exceptions. See below. |
- +-----------------------------+------------------------------------+
-
-
- The interfaces in libpam(3LIB) are MT-Safe only if each thread within
- the multi-threaded application uses its own PAM handle.
+ +-----------------------------+-----------------------------+
SEE ALSO
umount2(2), libpam(3LIB), pam(3PAM), pam_sm_chauthtok(3PAM),
- pam_sm_setcred(3PAM), pam.conf(5), attributes(7), zfs(8)
+ pam_sm_setcred(3PAM), pam.conf(5), attributes(7), zfs(8),
+ zfs_encrypt(8)
+
+HISTORY
+ The pam_zfs_key module was introduced in Oracle Solaris 11.0.0.
-Oracle Solaris 11.4 6 Feb 2020 pam_zfs_key(7)
+Oracle Solaris 11.4 15 Mar 2023 pam_zfs_key(7)
diff -NurbBw 11.4.57/man7/smf.7 11.4.60/man7/smf.7
--- 11.4.57/man7/smf.7 2023-08-23 17:32:56.077222134 -0700
+++ 11.4.60/man7/smf.7 2023-08-23 17:33:24.939281824 -0700
@@ -408,31 +408,40 @@
The general property group applies to all service instances. It
includes the following properties:
- enabled (boolean) Specifies whether the instance is enabled. If
- this property is not present on an instance,
- SMF does not tell the instance's restarter
+ enabled (boolean)
+
+ Specifies whether the instance is enabled. If this property is not
+ present on an instance, SMF does not tell the instance's restarter
about the existence of the instance.
- restarter (fmri) The restarter for this service. See the
- Restarters section for more information. If
- this property is unset, the default system
+ restarter (fmri)
+
+ The restarter for this service. See the Restarters section for more
+ information. If this property is unset, the default system
restarter is used.
- complete (astring) Whether this service is complete or is a par-
- tial definition that should not be started.
- This property is automatically set on mani-
- fest import. Alternatively, an instance with-
- out this property that successfully validates
- against the template definitions (see
- scf_tmpl_validate_fmri(3SCF)) will have this
- property created by svcadm(8) on enable.
+ complete (astring)
+
+ Whether this service is complete or is a partial definition that
+ should not be started. This property is automatically set on mani-
+ fest import. Alternatively, an instance without this property that
+ successfully validates against the template definitions (see
+ scf_tmpl_validate_fmri(3SCF)) will have this property created by
+ svcadm(8) on enable.
+
+
+ goal-service (boolean)
+ When set to true, activates the behavior of goal services. For more
+ information, see the Goal Services section for details.
- goal-service (boolean) When set to true, activates the behavior of
- goal services. For more information, see the
- Goal Services section for details.
+
+ notification_delay (integer)
+
+ The time delay in seconds to publish a maintenance state transition
+ notification for a service if the service remains in maintenance.
Layers
@@ -636,6 +645,13 @@
svc:/milestone/multi-user-server:default
+
+ The value of notification_delay property is the delay in seconds that
+ svc.startd(8) waits before publishing a maintenance state transition
+ notification if the service remains in maintenance. The default value
+ for milestone/goals is 100 seconds. For more information, see General
+ Property Group section.
+
Legacy Startup Scripts
Startup programs in the /etc/rc?.d directories are executed as part of
the corresponding run-level milestone:
@@ -669,4 +685,4 @@
-Oracle Solaris 11.4 9 May 2018 smf(7)
+Oracle Solaris 11.4 7 Mar 2023 smf(7)
diff -NurbBw 11.4.57/man8/acpihpd.8 11.4.60/man8/acpihpd.8
--- 11.4.57/man8/acpihpd.8 2023-08-23 17:32:56.108539483 -0700
+++ 11.4.60/man8/acpihpd.8 2023-08-23 17:33:24.968644824 -0700
@@ -43,6 +43,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |x86 |
+ +-----------------------------+-----------------------------+
|Availability |system/kernel/dynamic- |
| |reconfiguration/i86pc |
+-----------------------------+-----------------------------+
@@ -62,4 +64,4 @@
-Oracle Solaris 11.4 29 Mar 2010 acpihpd(8)
+Oracle Solaris 11.4 14 Jun 2023 acpihpd(8)
diff -NurbBw 11.4.57/man8/admhist.8 11.4.60/man8/admhist.8
--- 11.4.57/man8/admhist.8 2023-08-23 17:32:56.141055722 -0700
+++ 11.4.60/man8/admhist.8 2023-08-23 17:33:25.002438076 -0700
@@ -3,8 +3,7 @@
NAME
- admhist - display a summary of system administration related events
- successfully executed on the system
+ admhist - display a summary of administrative events on the system.
SYNOPSIS
admhist [-a date-time] [-b date-time] [-d date-time] [-z zonename]
@@ -16,71 +15,54 @@
DESCRIPTION
The admhist command displays a summary of the successful system admin-
- istration related events in ASCII format. By default, the events are
- selected from the audit trail files under /var/audit. However, an
- alternate audit directory can be specified by using the -R option, or
- specific audit trail files can be specified on the command line. Only
- users with the PRIV_FILE_DAC_READ privilege can use the admhist util-
- ity. If Trusted Extensions have been enabled, users must also have the
- PRIV_SYS_TRANS_LABEL privilege. Both of these privileges are included
- in the Audit Review rights profile.
+ istration related events in ASCII format. The admhist command also dis-
+ plays a summary of Service Management Facility (SMF) audit events. By
+ default, the events are selected from the audit trail files under
+ /var/audit. However, an alternate audit directory can be specified by
+ using the -R option, or specific audit trail files can be specified on
+ the command line. Only users with the PRIV_FILE_DAC_READ privilege can
+ use the admhist utility. If Trusted Extensions have been enabled, users
+ must also have the PRIV_SYS_TRANS_LABEL privilege. Both of these privi-
+ leges are included in the Audit Review rights profile.
OPTIONS
The following options are supported:
- -a date-time
-
- Selects administrative events that occurred on or after the date-
- time. The date-time argument is described under the 'Time Formats'
- section below. The -a and -b options can be used together to form a
+ -a date-time Selects administrative and SMF events that occurred
+ on or after the date-time. The date-time argument is
+ described under the 'Time Formats' section below.
+ The -a and -b options can be used together to form a
range.
- -b date-time
-
- Selects administrative events that occurred before the date-time.
- The date-time argument is described under the 'Time Formats' sec-
- tion below.
-
-
- -d date-time
+ -b date-time Selects administrative and SMF events that occurred
+ before the date-time. The date-time argument is
+ described under the 'Time Formats' section below.
- Selects administrative events that occurred on a specific day. The
- date-time argument is described under the 'Time Formats' section
- below.
+ -d date-time Selects administrative and SMF events that occurred
+ on a specific day. The date-time argument is
+ described under the 'Time Formats' section below.
- -t [tags-file:]tag[,tag...]
- Selects administrative events which match the definition for one or
- more of the specified tags. See the audit_tags(5) man page for more
- details on including information about default tag names.
-
-
- -z zonename
-
- Selects administrative events from the specified zone name. This
- option only applies to administrative events generated when the
- zonename audit policy has been enabled. For more information, refer
+ -z zonename Selects administrative and SMF events from the spec-
+ ified zone name. This option only applies to admin-
+ istrative events generated when the zonename audit
+ policy has been enabled. For more information, refer
to the auditconfig(8) man page.
- -u username/uid
-
- Select events for the specified (audit) userid/username. Can be
- specified multiple times to select events from multiple users.
+ -u username/uid Select events for the specified (audit) userid/user-
+ name. Can be specified multiple times to select
+ events from multiple users.
- -v
+ -v Verbose. Includes the hostname and current working
+ directory associated with each administrative event.
- Verbose. Includes the hostname and current working directory asso-
- ciated with each administrative event.
-
- -R
-
- Specifies the pathname of an alternate directory containing audit
- trail files.
+ -R Specifies the pathname of an alternate directory
+ containing audit trail files.
Time Formats
@@ -127,8 +109,8 @@
- The following command displays the system administration events that
- occurred in zone myzone.
+ The following command displays the system administration events and SMF
+ events that occurred in zone myzone.
# admhist -z myzone
@@ -138,8 +120,8 @@
- The following command displays the system administration events that
- occurred on the system in the last eight hours.
+ The following command displays the system administration events and SMF
+ events that occurred on the system in the last eight hours.
# admhist -a "last 8 hours"
@@ -149,8 +131,8 @@
- The following command displays the system administration events that
- occurred in the past week excluding yesterday.
+ The following command displays the system administration events and SMF
+ events that occurred in the past week excluding yesterday.
# admhist -a "last week" -b yesterday
@@ -160,13 +142,35 @@
- The following command displays the system administration events present
- in a specific audit trail file.
+ The following command displays the system administration events and SMF
+ events present in a specific audit trail file.
# admhist /var/audit/20150507091957.20150521095216.hostname
+ Example 5 Displaying audit events on the System
+
+
+
+ The following command displays the system administration events and the
+ SMF events that occurred on the system during the specified time
+ period.
+
+
+ # admhist -a "last 3 hours"
+ 2023-01-24 10:49:04 jack /usr/bin/su su - jack
+ 2023-01-24 10:49:05 jack /usr/bin/su su -
+ 2023-01-24 10:49:14 jack success change service instance property svc:/system/system-log:rsyslog/:properties/restarter_actions/auxiliary_tty
+ 2023-01-24 10:49:14 jack success change service instance property svc:/system/system-log:rsyslog/:properties/restarter_actions/auxiliary_fmri
+ 2023-01-24 10:49:14 jack success persistently enable service instance svc:/system/system-log:rsyslog/:properties/general/enabled
+ 2023-01-24 10:49:14 jack success change service instance property svc:/system/system-log:rsyslog/:properties/general/enabled
+ 2023-01-24 10:49:24 jack success change service instance property svc:/system/system-log:default/:properties/restarter_actions/auxiliary_tty
+ 2023-01-24 10:49:24 jack success change service instance property svc:/system/system-log:default/:properties/restarter_actions/auxiliary_fmri
+ 2023-01-24 10:49:24 jack success persistently disable service instance svc:/system/system-log:default/:properties/general/enabled
+ 2023-01-24 10:49:24 jack success change service instance property svc:/system/system-log:default/:properties/general/enabled
+
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -195,4 +199,4 @@
-Oracle Solaris 11.4 21 Jun 2021 admhist(8)
+Oracle Solaris 11.4 16 Feb 2023 admhist(8)
diff -NurbBw 11.4.57/man8/cfgadm_sata.8 11.4.60/man8/cfgadm_sata.8
--- 11.4.57/man8/cfgadm_sata.8 2023-08-23 17:32:56.177702115 -0700
+++ 11.4.60/man8/cfgadm_sata.8 2023-08-23 17:33:25.040356874 -0700
@@ -574,6 +574,8 @@
+-----------------------------+-------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-------------------------------+
+ |Architecture |x86 |
+ +-----------------------------+-------------------------------+
|Availability |system/dynamic-reconfiguration |
+-----------------------------+-------------------------------+
@@ -611,4 +613,4 @@
-Oracle Solaris 11.4 14 May 2018 cfgadm_sata(8)
+Oracle Solaris 11.4 14 Jun 2023 cfgadm_sata(8)
diff -NurbBw 11.4.57/man8/cmiadm.8 11.4.60/man8/cmiadm.8
--- 11.4.57/man8/cmiadm.8 2023-08-23 17:32:56.209496056 -0700
+++ 11.4.60/man8/cmiadm.8 2023-08-23 17:33:25.070959685 -0700
@@ -142,6 +142,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
+-----------------------------+-----------------------------+
|Availability |system/cmi |
@@ -152,4 +154,4 @@
-Oracle Solaris 11.4 10 Mar 2016 cmiadm(8)
+Oracle Solaris 11.4 14 Jun 2023 cmiadm(8)
diff -NurbBw 11.4.57/man8/coreadm.8 11.4.60/man8/coreadm.8
--- 11.4.57/man8/coreadm.8 2023-08-23 17:32:56.249163668 -0700
+++ 11.4.60/man8/coreadm.8 2023-08-23 17:33:25.111086871 -0700
@@ -6,23 +6,26 @@
coreadm - core file administration
SYNOPSIS
- coreadm [-g pattern] [-G content] [-i pattern] [-I content]
- [-k pattern] [-d option]... [-e option]...
+ coreadm [-c list] [-C] [-g pattern] [-G content] [-i pattern] [-I content]
+ [-k pattern] [-d option]... [-e option]... [-R option]
coreadm [-p pattern] [-P content] [-r policy] [pid]...
+
+ coreadm -e|-d asr|alert [path]...
+
DESCRIPTION
coreadm specifies the name and location of core files produced by
abnormally-terminating processes. See the core(5) man page.
Only users and roles that belong to the Maintenance and Repair RBAC
- profile can execute the first form of the SYNOPSIS. This form config-
- ures system-wide core file options, including a global core file name
- pattern, kernel zone core file name pattern and a core file name pat-
- tern for the init(8) process. All settings are saved persistently and
- will be applied at boot.
+ profile can execute the first and third forms of the SYNOPSIS. These
+ forms configure system-wide core file options, including a global core
+ file name pattern, kernel zone core file name pattern and a core file
+ name pattern for the init(8) process. All settings are saved persis-
+ tently and will be applied at boot.
Non-privileged users can execute the second form of the SYNOPSIS. This
@@ -198,19 +201,22 @@
$ coreadm
- global core file pattern: /var/cores/core.%f.%p
- kernel zone core file pattern: /var/cores/%z/kzcore.%t
- global core file content: all
+ global core file pattern: /var/cores/core.%z.%f.%u.%p
+ global core file content: default
+ kernel zone core file pattern: /var/cores/kzone.%z.%t
init core file pattern: core
init core file content: default
- global core dumps: enabled
- kernel zone core dumps: enabled
+ global core dumps: disabled
+ kernel zone core dumps: disabled
per-process core dumps: enabled
- global setid core dumps: enabled
+ global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled
- retention policy: summary
diagnostic core dumps: enabled
+ retention policy: summary
+ core diagnostic alert: enabled
+ automated service request: enabled
+
@@ -236,8 +242,9 @@
tion, and, if the process was running in a local (non-global) zone, one
in the global location for the zone in which that process was running.
In addition, if the diagnostic option is enabled, a diagnostic core
- file is dumped in /var/diag/<process_uuid>. Each core file is generated
- according to the effective options for the corresponding location.
+ file is dumped in /var/share/diag/<process_uuid>. Each core file is
+ generated according to the effective options for the corresponding
+ location.
When generated, a global core file is created in mode 600 and owned by
@@ -321,11 +328,37 @@
pattern.
- alert
+ alert [ list ]
Instruct whether FMA should generate an alert event after
receiving diagnostic core data.
+ If list is supplied, it specifies a list of binaries to indi-
+ cate whether an FMA alert is raised when a program dumps core.
+
+ If list is supplied, all remaining arguments on the command
+ line are the list of binaries pertaining to the alert option.
+
+ The list is added to or replaces any existing configuration.
+
+ The default behavior raises FMA alerts for all Oracle Solaris
+ binaries but not for non-Oracle Solaris binaries.
+
+
+ asr [ list ]
+
+ Instruct whether an Automated Service Request (ASR) should be
+ logged when an FMA alert is raised for a core dump.
+
+ If list is supplied, it specifies a list of binaries to indi-
+ cate whether an an ASR is logged when FMA alert is raised when
+ a that program dumps core.
+
+ If list is supplied, all remaining arguments on the command
+ line are the list of binaries pertaining to the asr option.
+
+ The list is added to or replaces any existing configuration.
+
proc-setid
@@ -461,14 +494,26 @@
profile can use this option.
+ -R alert | asr
+
+ Clears the list of customizations for which binaries will result in
+ diagnostic alerts raised, or ASRs being logged when program dumps
+ core.
+
+ Only users and roles belonging to the Maintenance and Repair RBAC
+ profile can use this option.
+
+
Note -
- Multiple -e and -d options can be specified on the command line. Only
- users and roles belonging to the "Maintenance and Repair" RBAC pro-
- file can use this option.
+ Multiple -e and -d options can be specified on the command line. How-
+ ever if a list of binaries is provided to alert or asr, all remaining
+ arguments are assumed to be the list of binaries and not further -e
+ and -d can be provided. Only users and roles belonging to the "Main-
+ tenance and Repair" RBAC profile can use this option.
@@ -577,6 +622,43 @@
data if the property is true.
+ asr (boolean)
+
+ When the property value is false (0), an ASR is not raised when an
+ FMA alert is generated when a program dumps core.
+
+
+
+
+ The following property groups and properties are supported on the sys-
+ tem/fm/asr-notify:default and system/coremon:default service instances.
+ Users can use coreadm commands to set or update these property or cre-
+ ate SMF profiles with these properties to set or update the values.
+
+
+ config/corediag (property group)
+
+ Property group which contains properties used to overide default
+ behaviour of raising ASRs or FMA alerts.
+
+ If the property group is on the svc:/system/fm/asr-notify:default
+ service, controls whether an ASR is raised when an FMA alert is
+ raised for a program dumping core. If the property group is on the
+ svc:/system/coremon:default service, it is used to store properties
+ for whether an FMA alert is raised for a core dump.
+
+
+ config/corediag/string (boolean)
+
+ The string is the Universal Resource Identifier (URI) encoded path
+ to a binary. For example /usr/lib/inet/ntpd would be
+ %2Fusr%2Flib%2Finet%2Fntpd.
+
+ Depending on whether the property is on the svc:/system/core-
+ mon:default or the svc:/system/fm/asr-notify:default controls
+ whether FMA alerts and ASRs are raised.
+
+
EXAMPLES
Example 1 Setting the Core File Name Pattern
@@ -725,6 +807,66 @@
+
+ Example 8 Configuring a non-Oracle Binary to Raise FMA Alerts Upon Core
+ Dump
+
+
+
+ The following command enables FMA alerts for certain binaries that are
+ not supplied by Oracle.
+
+
+
+ example# coreadm -e alert /opt/applications/myapp,/opt/application/myotherapp
+
+
+
+
+ Example 9 Configuring an Oracle Binary to Disable FMA Alerts Upon Core
+ Dump
+
+
+
+ The following command disables FMA alerts for certain binaries that are
+ supplied by Oracle.
+
+
+
+ example# coreadm -d alert /usr/bin/vim,/usr/sbin/svccfg
+
+
+
+
+ Example 10 Configuring a non-Oracle Binary to Disable Logging for ASRs
+ Upon Core Dump
+
+
+
+ The following command disables the logging of ASRs when receiving an
+ FMA alert upon core dump.
+
+
+
+ example# coreadm -d asr /usr/lib/inet/ntpd
+
+
+
+
+ Example 11 Clearing ASR for Particular Binaries From a Configuration
+
+
+
+ The following command clears the list of any binaries that would result
+ in ASRs being logged when an FMA alert is received for a core dump.
+
+
+
+ example# coreadm -R asr
+
+
+
+
FILES
/var/cores
@@ -808,4 +950,4 @@
-Oracle Solaris 11.4 02 Feb 2017 coreadm(8)
+Oracle Solaris 11.4 16 Mar 2023 coreadm(8)
diff -NurbBw 11.4.57/man8/daxinfo.8 11.4.60/man8/daxinfo.8
--- 11.4.57/man8/daxinfo.8 2023-08-23 17:32:56.280420361 -0700
+++ 11.4.60/man8/daxinfo.8 2023-08-23 17:33:25.145057007 -0700
@@ -107,6 +98,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/core-os |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -117,4 +110,4 @@
-Oracle Solaris 11.4 23 Aug 2017 daxinfo(8)
+Oracle Solaris 11.4 14 Jun 2023 daxinfo(8)
diff -NurbBw 11.4.57/man8/daxstat.8 11.4.60/man8/daxstat.8
--- 11.4.57/man8/daxstat.8 2023-08-23 17:32:56.315284116 -0700
+++ 11.4.60/man8/daxstat.8 2023-08-23 17:33:25.177516498 -0700
@@ -157,7 +148,7 @@
option.
- -T Prints a time stamp before each report, in either standard
+ -T u | d Prints a time stamp before each report, in either standard
date format, d, or the internal representation of time, u.
For more information, see the time(2) and date(1) man
pages.
@@ -274,6 +252,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/sstore |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -296,4 +276,4 @@
-Oracle Solaris 11.4 15 May 2017 daxstat(8)
+Oracle Solaris 11.4 14 Jun 2023 daxstat(8)
diff -NurbBw 11.4.57/man8/drd.8 11.4.60/man8/drd.8
--- 11.4.57/man8/drd.8 2023-08-23 17:32:56.344455335 -0700
+++ 11.4.60/man8/drd.8 2023-08-23 17:33:25.207316789 -0700
@@ -25,6 +25,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/ldoms |
+-----------------------------+-----------------------------+
|Interface Stability |Uncommitted |
@@ -55,4 +57,4 @@
-Oracle Solaris 11.4 10 Jul 2006 drd(8)
+Oracle Solaris 11.4 14 Jun 2023 drd(8)
diff -NurbBw 11.4.57/man8/dtrace.8 11.4.60/man8/dtrace.8
--- 11.4.57/man8/dtrace.8 2023-08-23 17:32:56.384811539 -0700
+++ 11.4.60/man8/dtrace.8 2023-08-23 17:33:25.249091431 -0700
@@ -107,7 +107,7 @@
option constructs a set of dtrace(4D) configuration file directives
to enable the specified probes for anonymous tracing and then
exits. By default, dtrace attempts to store the directives to the
- file /etc/kernel/drv/dtrace.conf. You can modify this behavior if
+ file /etc/driver/drv/dtrace.conf. You can modify this behavior if
you use the -o option to specify an alternate output file.
@@ -278,7 +278,7 @@
Specify the output file for the -A, -G, -h, and -l options, or for
the traced data itself. If the -A option is present and -o is not
- present, the default output file is /etc/kernel/drv/dtrace.conf. If
+ present, the default output file is /etc/driver/drv/dtrace.conf. If
the -G option is present and the -s option's argument is of the
form filename.d and -o is not present, the default output file is
filename.o. Otherwise the default output file is d.out.
@@ -526,4 +526,4 @@
-Oracle Solaris 11.4 25 Mar 2020 dtrace(8)
+Oracle Solaris 11.4 29 Mar 2023 dtrace(8)
diff -NurbBw 11.4.57/man8/dumpadm.8 11.4.60/man8/dumpadm.8
--- 11.4.57/man8/dumpadm.8 2023-08-23 17:32:56.420457780 -0700
+++ 11.4.60/man8/dumpadm.8 2023-08-23 17:33:25.286855114 -0700
@@ -146,8 +146,7 @@
dump-device
A block device specified as an absolute pathname, such as
- /dev/dsk/cNtNdNsN, or a ZFS volume such as
- /dev/zvol/dsk/rpool/dump.
+ /dev/dsk/cNtNdNsN, or a ZFS volume such as rpool/dump.
swap
@@ -425,23 +424,24 @@
message will be displayed.
Dump Device/Swap Device Interaction
- In the event that the dump device is also a swap device but not a ZFS
- volume and the swap device is deleted by the administrator using the
- swap -d command, the swap command will automatically invoke dumpadm
- -d swap in order to attempt to configure another appropriate swap
- device as the dump device. If no swap devices remain or none can be
- configured as the dump device, the crash dump will be disabled and a
- warning message will be displayed. Similarly, if the crash dump is dis-
- abled and the administrator adds a new swap device using the swap -a
- command, dumpadm -d swap will be invoked to re-enable the crash dump
- using the new swap device.
+ In the event that the dump device is also a swap device and the swap
+ device is deleted by the administrator using the swap -d command, the
+ swap command will automatically invoke dumpadm -d swap in order to
+ attempt to configure another appropriate swap device as the dump
+ device. If no swap devices remain or none can be configured as the dump
+ device, the crash dump will be disabled and a warning message will be
+ displayed. Similarly, if the crash dump is disabled and the administra-
+ tor adds a new swap device using the swap -a command, dumpadm -d
+ swap will be invoked to re-enable the crash dump using the new swap
+ device.
Once dumpadm -d swap has been issued, the new dump device is stored
- in the configuration file for subsequent reboots. If a larger or more
- appropriate swap device is added by the administrator, the dump device
- is not changed; the administrator must re-execute dumpadm -d swap to
- reselect the most appropriate device from the new list of swap devices.
+ in the configuration file or kvol_dump ZFS property for subsequent
+ reboots. If a larger or more appropriate swap device is added by the
+ administrator, the dump device is not changed; the administrator must
+ re-execute dumpadm -d swap to reselect the most appropriate device
+ from the new list of swap devices.
Minimum Free Space
If the dumpadm -m option is used to create a minfree file based on a
@@ -478,4 +478,4 @@
-Oracle Solaris 11.4 13 April 2022 dumpadm(8)
+Oracle Solaris 11.4 25 February 2023 dumpadm(8)
diff -NurbBw 11.4.57/man8/efdaemon.8 11.4.60/man8/efdaemon.8
--- 11.4.57/man8/efdaemon.8 2023-08-23 17:32:56.449392541 -0700
+++ 11.4.60/man8/efdaemon.8 2023-08-23 17:33:25.317833094 -0700
@@ -54,6 +54,8 @@
+-----------------------------+----------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+----------------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+----------------------------------+
|Availability |system/embedded-fcode-interpreter |
+-----------------------------+----------------------------------+
@@ -74,4 +76,4 @@
-Oracle Solaris 11.4 14 Mar 2016 efdaemon(8)
+Oracle Solaris 11.4 14 Jun 2023 efdaemon(8)
diff -NurbBw 11.4.57/man8/fcadm.8 11.4.60/man8/fcadm.8
--- 11.4.57/man8/fcadm.8 2023-08-23 17:32:56.498180951 -0700
+++ 11.4.60/man8/fcadm.8 2023-08-23 17:33:25.365154035 -0700
@@ -6,10 +6,10 @@
fcinfo, fcadm - Fibre Channel HBA Port Command Line Interface
SYNOPSIS
- fcinfo hba-port [-lite] [HBA_port_WWN]...
+ fcinfo hba-port [-Tvlite] [-o output_fields | -O output_fields] [HBA_port_WWN]...
- fcadm hba-port [-lite] [HBA_port_WWN]...
+ fcadm hba-port [-Tvlite] [HBA_port_WWN]...
fcinfo remote-port [-ls] [-p HBA_port_WWN]
@@ -77,10 +77,16 @@
hba-port Lists information for the HBA port referenced by
the specified HBA_port_WWN. If -i and -t options
- are not specified, all initiator mode and target
- mode Fibre Channel HBA ports on the host will be
+ are not specified, both initiator and target mode
+ Fibre Channel HBA ports on the host will be
listed.
+ If -T option is used then the most common fields
+ are displayed in a tabular format. User can over-
+ ride the default fields with either -o option for
+ human readable output or with -O option for
+ parsable output.
+
remote-port Lists the remote-port information for those remote
ports that are specified. If no Remote_port_WWN
@@ -165,12 +171,24 @@
interface.
+ -i, --initiator
+
+ Lists the information for initiator mode ports only.
+
+
-l, --linkstat
Lists the link error statistics information for the port referenced
by the specified HBA_port_WWN or Remote_port_WWN.
+ -N Remote_node_WWN, --remote-node Remote_node_WWN
+
+ Retrieves information of all logical units on the remote port spec-
+ ified by Remote_node_WWN. This option applies only to the subcom-
+ mand logical-unit | lu.
+
+
-n HBA_node_WWN, --node HBA_node_WWN
When used with NPIV options, specify a virtual node WWN. If used
@@ -182,26 +200,99 @@
generated based on the MAC address of the specified MAC interface.
- -p HBA_port_WWN, --port HBA_port_WWN
+ -O output_fields, --parsable output_fields
- Retrieve remote port information from the HBA_port_WWN of the local
- HBA port on the host. When used with the remote-port subcommand,
- the -p option is mandatory.
+ Displays HBA Port information in parsable format. Columns are not
+ indented, instead values are separated by ':'
- When used with NPIV options, specify a virtual port WWN. If used
- with create-npiv-port, it can be omitted, and a random based WWN
- will be used. It is mandatory for delete-npiv-port.
+ To find which NPIV ports correspond to a particular physical port,
+ user should use the contents of the field PARENT_WWN, which con-
+ tains the port WWN of the parent physical port.
- When used with create-fcoe-port subcommand, specify the port WWN
- for the FCoE port. It can be omitted, in which case a WWN will be
- generated based on the MAC address of the specified MAC interface.
+ -o output_fields, --tabular output_fields
- -N Remote_node_WWN, --remote-node Remote_node_WWN
+ Enables the user to choose HBA Port output fields to be displayed
+ in a tabular format. Field names must be one of the fields listed
+ below:
+
+ o crc_count
+
+
+ o ctrl
+
+
+ o driver_name
+
+
+ o driver_version
+
+
+ o drv_inst
+
+
+ o fcode_bios_version
+
+
+ o firmware_version
+
+
+ o link_failure_count
+
+
+ o loss_signal_count
+
+
+ o loss_sync_count
+
+
+ o manufacturer
+
+
+ o mode
+
+
+ o model
+
+
+ o node_wwn
+
+
+ o parent_wwn
+
+
+ o protocol_error_count
+
+
+ o phys_path
+
+
+ o port_id
+
+
+ o port_type
+
+
+ o port_wwn
+
+
+ o serial_number
+
+
+ o slot
+
+
+ o speed
+
+
+ o state
+
+
+ o supported_speeds
+
+
+ o tx_word_count
- Retrieves information of all logical units on the remote port spec-
- ified by Remote_node_WWN. This option applies only to the subcom-
- mand logical-unit | lu.
-P Remote_port_WWN, --remote-port Remote_node_WWN
@@ -211,6 +302,21 @@
mand logical-unit | lu.
+ -p HBA_port_WWN, --port HBA_port_WWN
+
+ Retrieve remote port information from the HBA_port_WWN of the local
+ HBA port on the host. When used with the remote-port subcommand,
+ the -p option is mandatory.
+
+ When used with NPIV options, specify a virtual port WWN. If used
+ with create-npiv-port, it can be omitted, and a random based WWN
+ will be used. It is mandatory for delete-npiv-port.
+
+ When used with create-fcoe-port subcommand, specify the port WWN
+ for the FCoE port. It can be omitted, in which case a WWN will be
+ generated based on the MAC address of the specified MAC interface.
+
+
-s, --scsi-target
Lists the SCSI target information for all remote ports the user has
@@ -222,9 +328,16 @@
applies only to an initiator mode port.
- -i, --initiator
+ -T, --tabular-default
- Lists the information for initiator mode ports only.
+ Displays default HBA Port information in a tabular format. Default
+ output fields are PORT_WWN, PARENT_WWN, MODE, CTRL, STATE and SPEED
+
+ In tabular format, NPIV ports are listed alongside physical ports.
+ NPIV ports belonging to a physical port are listed just below it.
+ For an NPIV port, the field PARENT_WWN contains port WWN of the
+ corresponding physical port. For a physical port, the field PAR-
+ ENT_WWN contains 'NA'
-t, --target
@@ -234,18 +347,21 @@
When used with create-fcoe-port, creates a FCoE target mode port.
- -v, --verbose
+ -V, --version
- When used with the logical-unit subcommand, the -v displays addi-
- tional information for the logical unit, including SCSI vendor and
- product information and device type as well as the FC World-Wide
- names for the local and remote Fibre Channel ports to which this
- device is attached.
+ Displays the version information.
- -V, --version
+ -v, --verbose
- Displays the version information.
+ When used with hba-port subcommand, -v will additionally display
+ driver instance and slot information. When combined with -T, it
+ will add node wwn, driver name, driver instance and slot informa-
+ tion to the default tabular output. When used with the logical-unit
+ subcommand, the -v displays additional information for the logical
+ unit, including SCSI vendor and product information and device type
+ as well as the FC World-Wide names for the local and remote Fibre
+ Channel ports to which this device is attached.
-?, --help
@@ -263,71 +379,42 @@
# fcinfo hba-port -i
-
- HBA Port WWN: 210000e08b074cb5
- Port Mode: Initiator
- OS Device Name: /dev/cfg/c1
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: not available
- Driver Name: qlc
- Driver Version: 20070212-2.19
- Type: N-port
- State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200000e08b074cb5
- NPIV Port List:
- Virtual Port 1:
- Port WWN: 200000e08b074cb1
- Node WWN: 200000e08b074cb3
- HBA Port WWN: 210100e08b274cb5
+ HBA Port WWN: 10000090fab9070e
Port Mode: Initiator
- OS Device Name: /dev/cfg/c2
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: not available
- Driver Name: qlc
- Driver Version: 20070212-2.19
+ Port ID: 10701
+ OS Device Name: /dev/cfg/c18
+ Manufacturer: Emulex
+ Model: 7101684
+ Firmware Version: 7101684 1.1.43.8
+ FCode/BIOS Version: Boot:1.1.43.8 Fcode:4.03a1
+ Serial Number: 4925382+154400006N
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
Type: N-port
State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200100e08b274cb5
- HBA Port WWN: 210000e08b072ab5
- Port Mode: Initiator
- OS Device Name: /dev/cfg/c3
- Manufacturer: QLogic Corp.
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Model: 375-3108-xx
- Serial Number: not available
- Driver Name: qlc
- Driver Version: 20070212-2.19
- Type: L-port
- State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200000e08b072ab5
- HBA Port WWN: 210100e08b272ab5
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 20000090fab9070e
+ Max NPIV Ports: 127
+ NPIV port list:
+ HBA Port WWN: 2100000e1ee564d1
Port Mode: Initiator
- OS Device Name: /dev/cfg/c4
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: 0402F00-0549112808
+ Port ID: 10800
+ OS Device Name: /dev/cfg/c14
+ Manufacturer: Marvell Technology, Inc
+ Model: 7023303
+ Firmware Version: 8.08.04
+ FCode/BIOS Version: BIOS: 3.40; fcode: 4.10; EFI: 6.19;
+ Serial Number: 463916R+1713328298
Driver Name: qlc
- Driver Version: 20070212-2.19
+ Driver Version: 220520-5.11
Type: N-port
State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200100e08b272ab5
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1ee564d1
+ Max NPIV Ports: 7
+ NPIV port list:
@@ -340,64 +427,38 @@
# fcinfo hba-port -t
- HBA Port WWN: 210100e08bb09221
+ HBA Port WWN: 2100000e1e263e30
Port Mode: Target
- Port ID: 10700
+ Port ID: ef
OS Device Name: Not Applicable
Manufacturer: QLogic Corp.
- Model: d30ac7e0
- Firmware Version: 4.0.109
- FCode/BIOS Version: N/A
- Type: F-port
+ Model: QLE8362
+ Firmware Version: 8.8.4
+ FCode/BIOS Version: BIOS: 3.19; FCode: 4.02; EFI: 5.36;
+ Serial Number: 463916T+1507232753
+ Driver Name: COMSTAR QLT
+ Driver Version: 20200211-3.03
+ Type: L-port
State: online
- Supported Speeds: not established
- Current Speed: 2Gb
- Node WWN: 200100e08bb09221
- HBA Port WWN: 210000e08b909221
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1e263e30
+ HBA Port WWN: 2100000e1e263e31
Port Mode: Target
- Port ID: 10900
+ Port ID: ef
OS Device Name: Not Applicable
Manufacturer: QLogic Corp.
- Model: d37ad1e0
- Firmware Version: 4.0.109
- FCode/BIOS Version: N/A
- Type: F-port
- State: online
- Supported Speeds: not established
- Current Speed: 2Gb
- Node WWN: 200000e08b909221
- HBA Port WWN: 200000144fc2d508
- Port Mode: Target
- Port ID: 9a0025
- OS Device Name: Not Applicable
- Manufacturer: Sun Microsystems, Inc.
- Model: FCoE Virtual FC HBA
- Firmware Version: N/A
- FCode/BIOS Version: N/A
- Serial Number: N/A
- Driver Name: COMSTAR FCOET
- Driver Version: 1.0
- Type: F-port
- State: online
- Supported Speeds: 1Gb 10Gb
- Current Speed: 10Gb
- Node WWN: 100000144fc2d508
- HBA Port WWN: 200000144fc2d509
- Port Mode: Target
- Port ID: 9a0023
- OS Device Name: Not Applicable
- Manufacturer: Sun Microsystems, Inc.
- Model: FCoE Virtual FC HBA
- Firmware Version: N/A
- FCode/BIOS Version: N/A
- Serial Number: N/A
- Driver Name: COMSTAR FCOET
- Driver Version: 1.0
- Type: F-port
+ Model: QLE8362
+ Firmware Version: 8.8.4
+ FCode/BIOS Version: BIOS: 3.19; FCode: 4.02; EFI: 5.36;
+ Serial Number: 463916T+1507232753
+ Driver Name: COMSTAR QLT
+ Driver Version: 20200211-3.03
+ Type: L-port
State: online
- Supported Speeds: 1Gb 10Gb
- Current Speed: 10Gb
- Node WWN: 100000144fc2d509
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1e263e31
@@ -409,58 +470,211 @@
statistics for those ports:
- # fcinfo hba-port -l 210000e08b074cb5 210100e08b274cb5
-
- HBA Port WWN: 210000e08b074cb5
+ # fcinfo hba-port -l
+ HBA Port WWN: 10000090fab9070e
Port Mode: Initiator
- OS Device Name: /dev/cfg/c1
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: 0402F00-0549112808
- Driver Name: qlc
- Driver Version: 20070212-2.19
+ Port ID: 10701
+ OS Device Name: /dev/cfg/c18
+ Manufacturer: Emulex
+ Model: 7101684
+ Firmware Version: 7101684 1.1.43.8
+ FCode/BIOS Version: Boot:1.1.43.8 Fcode:4.03a1
+ Serial Number: 4925382+154400006N
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
Type: N-port
State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200000e08b074cb5
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 20000090fab9070e
Link Error Statistics:
- Link Failure Count: 0
- Loss of Sync Count: 0
- Loss of Signal Count: 0
+ Link Failure Count: 3
+ Loss of Sync Count: 8
+ Loss of Signal Count: 1
Primitive Seq Protocol Error Count: 0
- Invalid Tx Word Count: 0
+ Invalid Tx Word Count: 514
Invalid CRC Count: 0
- HBA Port WWN: 210100e08b274cb5
+ Max NPIV Ports: 127
+ NPIV port list:
+ HBA Port WWN: 10000090fab017e5
Port Mode: Initiator
- OS Device Name: /dev/cfg/c2
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: 0402F00-0549112808
- Driver Name: qlc
- Driver Version: 20070212-2.19
- Type: N-port
- State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200100e08b274cb5
+ Port ID: 0
+ OS Device Name: /dev/cfg/c11
+ Manufacturer: Emulex
+ Model: LPe12002-S
+ Firmware Version: LPe12002-S 2.01a12
+ FCode/BIOS Version: Boot:5.03a0
+ Serial Number: 4925384+152300015A
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
+ Type: unknown
+ State: offline
+ Supported Speeds: 2Gb 4Gb 8Gb
+ Current Speed: not established
+ Node WWN: 20000090fab017e5
Link Error Statistics:
- Link Failure Count: 0
+ Link Failure Count: 1
Loss of Sync Count: 0
- Loss of Signal Count: 0
+ Loss of Signal Count: 2
Primitive Seq Protocol Error Count: 0
Invalid Tx Word Count: 0
Invalid CRC Count: 0
+ Max NPIV Ports: 255
+ NPIV port list:
+
+
+
+ Example 4 Listing HBA Ports with verbose information
+
+
+
+ The following command lists information for the HBA ports along with
+ driver instance and slot details
+
+
+ # fcinfo hba-port -v
+ HBA Port WWN: 10000090fab9070e
+ Port Mode: Initiator
+ Port ID: 10701
+ OS Device Name: /dev/cfg/c18
+ Manufacturer: Emulex
+ Model: 7101684
+ Firmware Version: 7101684 1.1.43.8
+ FCode/BIOS Version: Boot:1.1.43.8 Fcode:4.03a1
+ Serial Number: 4925382+154400006N
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
+ Type: N-port
+ State: online
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 20000090fab9070e
+ Driver Instance: 7
+ Slot: /SYS/MB/PCIE3/hba1
+ Max NPIV Ports: 127
+ NPIV port list:
+ HBA Port WWN: 2100000e1ee564d1
+ Port Mode: Initiator
+ Port ID: 10800
+ OS Device Name: /dev/cfg/c14
+ Manufacturer: Marvell Technology, Inc
+ Model: 7023303
+ Firmware Version: 8.08.04
+ FCode/BIOS Version: BIOS: 3.40; fcode: 4.10; EFI: 6.19;
+ Serial Number: 463916R+1713328298
+ Driver Name: qlc
+ Driver Version: 220520-5.11
+ Type: N-port
+ State: online
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1ee564d1
+ Driver Instance: 1
+ Slot: /SYS/MB/PCIE4/hba1
+ Max NPIV Ports: 7
+ NPIV port list:
+
+
+
+ Example 5 Display HBA Port information in a tabular format
+ The following command will display HBA Port information in tabular for-
+ mat
- Example 4 Listing All Remote Ports
+ # fcinfo hba-port -T
+ PORT_WWN PARENT_WWN MODE CTRL STATE SPEED
+ 10000090fab9070e NA Initiator c18 online 8Gb
+ 10000090fab9070d NA Initiator c17 offline not established
+ 2100000e1ee564d0 NA Initiator c13 online 16Gb
+ 2100000e1ee564d1 NA Initiator c14 online 8Gb
+ 2100000e1e263e30 NA Target unknown online 8Gb
+ 2100000e1e263e31 NA Target unknown online 8Gb
+
+
+
+ Example 6 Display HBA Port information in a tabular format with verbose
+ details
+
+
+
+ The following command will display HBA Port information along with ver-
+ bose in tabular format
+
+
+ # fcinfo hba-port -Tv
+ PORT_WWN PARENT_WWN MODE CTRL STATE SPEED NODE_WWN DRIVER_NAME DRV_INST SLOT
+ 10000090fab9070e NA Initiator c18 online 8Gb 20000090fab9070e emlxs 7 /SYS/MB/PCIE3/hba1
+ 10000090fab9070d NA Initiator c17 offline not established 20000090fab9070d emlxs 6 /SYS/MB/PCIE3/hba0
+ 2100000e1ee564d0 NA Initiator c13 online 16Gb 2000000e1ee564d0 qlc 0 /SYS/MB/PCIE4/hba0
+ 2100000e1ee564d1 NA Initiator c14 online 8Gb 2000000e1ee564d1 qlc 1 /SYS/MB/PCIE4/hba1
+ 2100000e1e263e30 NA Target unknown online 8Gb 2000000e1e263e30 COMSTAR QLT unknown unknown
+ 2100000e1e263e31 NA Target unknown online 8Gb 2000000e1e263e31 COMSTAR QLT unknown unknown
+
+
+
+ Example 7 Display only specific fields from HBA Port information
+
+
+
+ The following command will display HBA port information specific to
+ fields mentioned by the user in a Tabular format
+
+
+ # fcinfo hba-port -o "port_wwn,firmware_version,port_id,fcode_bios_version,model,phys_path"
+ PORT_WWN FIRMWARE_VERSION PORT_ID FCODE_BIOS_VERSION MODEL PHYS_PATH
+ 10000090fab017e4 LPe12002-S 2.01a12 11000 Boot:5.03a0 LPe12002-S /pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0/fp@0,0:fc
+ 10000090fab017e5 LPe12002-S 2.01a12 0 Boot:5.03a0 LPe12002-S /pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0,1/fp@0,0:fc
+ c0007ddf0cb5ff66 7101684 10.6.230.0 0 Boot:10.6.230.0 7101684 /pci@7a,0/pci8086,2f04@2/pci10df,e20e@0,1/fp@0,1:fc
+ c0007dc54976f22f 7101684 10.6.230.0 0 Boot:10.6.230.0 7101684 /pci@7a,0/pci8086,2f04@2/pci10df,e20e@0,1/fp@0,2:fc
+ 2100000e1e263e30 8.8.4 ef BIOS: 3.19; FCode: 4.02; EFI: 5.36; QLE8362 unknown
+ 2100000e1e263e31 8.8.4 ef BIOS: 3.19; FCode: 4.02; EFI: 5.36; QLE8362 unknown
+
+
+
+ Example 8 Display specific output fields of HBA Port information in
+ a parsable format
+
+
+
+ The following command will display only specific output fields of HBA
+ Port information in a parsable format
+
+
+ # fcinfo hba-port -O "port_wwn,firmware_version,port_id,fcode_bios_version,model,phys_path"
+ 10000090fab017e4:LPe12002-S 2.01a12:11000:Boot\:5.03a0:LPe12002-S:/pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0/fp@0,0\:fc
+ c0007d48a022a000:LPe12002-S 2.01a12:11001:Boot\:5.03a0:LPe12002-S:/pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0/fp@0,1\:fc
+ 10000090fab017e5:LPe12002-S 2.01a12:0:Boot\:5.03a0:LPe12002-S:/pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0,1/fp@0,0\:fc
+ 10000090fad935c8:7101684 10.6.230.0:0:Boot\:10.6.230.0:7101684:/pci@7a,0/pci8086,2f04@2/pci10df,e20e@0/fp@0,0\:fc
+ c0007d9456deda2b:7101684 10.6.230.0:0:Boot\:10.6.230.0:7101684:/pci@7a,0/pci8086,2f04@2/pci10df,e20e@0/fp@0,2\:fc
+ 2100000e1e263e30:8.8.4:ef: BIOS\: 3.19; FCode\: 4.02; EFI\: 5.36;:QLE8362 :unknown
+ 2100000e1e263e31:8.8.4:ef: BIOS\: 3.19; FCode\: 4.02; EFI\: 5.36;:QLE8362 :unknown
+
+
+
+ Example 9 Display HBA Port information in a tabular format with Link
+ Error Statistics
+
+
+
+ The following command will display HBA Port information along with Link
+ Error Statistic in tabular format
+
+
+ # fcinfo hba-port -Tl
+ PORT_WWN PARENT_WWN MODE CTRL STATE SPEED LINK_FAILURE_COUNT LOSS_SYNC_COUNT LOSS_SIGNAL_COUNT PROTOCOL_ERROR_COUNT TX_WORD_COUNT CRC_COUNT
+ 10000090fab9070e NA Initiator c18 online 8Gb 3 8 1 0 514 0
+ 10000090fab9070d NA Initiator c17 offline not established 0 0 0 0 4 0
+ 2100000e1ee564d0 NA Initiator c13 online 16Gb 0 0 0 0 0 0
+ 2100000e1ee564d1 NA Initiator c14 online 8Gb 0 0 0 0 0 0
+ 2100000e1e263e30 NA Target unknown online 8Gb 0 0 0 0 0 0
+ 2100000e1e263e31 NA Target unknown online 8Gb 0 0 0 0 0
+
+
+
+ Example 10 Listing All Remote Ports
@@ -524,8 +738,7 @@
-
- Example 5 Listing All Remote Ports of the Given HBA
+ Example 11 Listing All Remote Ports of the Given HBA
@@ -555,8 +768,7 @@
-
- Example 6 Listing Remote Ports and Link Statistics of the Given HBA
+ Example 12 Listing Remote Ports and Link Statistics of the Given HBA
@@ -663,8 +875,8 @@
-
- Example 7 Listing All SCSI Targets and Link Statistics on the Given HBA
+ Example 13 Listing All SCSI Targets and Link Statistics on the Given
+ HBA
@@ -843,8 +1055,7 @@
-
- Example 8 Listing All SCSI Targets and Link Statistics
+ Example 14 Listing All SCSI Targets and Link Statistics
@@ -980,8 +1191,7 @@
-
- Example 9 Listing SCSI Target Information on the Given HBA
+ Example 15 Listing SCSI Target Information on the Given HBA
@@ -1109,8 +1319,7 @@
Node WWN: 200100e08b296060
-
- Example 10 Listing the Logical Unit
+ Example 16 Listing the Logical Unit
@@ -1125,8 +1334,7 @@
-
- Example 11 Displaying Additional Information for the Logical Unit
+ Example 17 Displaying Additional Information for the Logical Unit
@@ -1152,8 +1360,7 @@
-
- Example 12 Displaying Additional Information for the Logical Unit on
+ Example 18 Displaying Additional Information for the Logical Unit on
the Given Remote Node WWN
@@ -1184,8 +1391,7 @@
-
- Example 13 Displaying Additional Information for the Logical Unit on
+ Example 19 Displaying Additional Information for the Logical Unit on
the Given Remote Port WWN
@@ -1222,8 +1428,7 @@
-
- Example 14 Adding an NPIV Port
+ Example 20 Adding an NPIV Port
@@ -1251,8 +1456,7 @@
-
- Example 15 Adding an NPIV Port with Random WWN
+ Example 21 Adding an NPIV Port with Random WWN
@@ -1268,8 +1472,7 @@
Physical HBA Port WWN: 210000e08b170f1c
-
- Example 16 Deleting an NPIV Port
+ Example 22 Deleting an NPIV Port
@@ -1279,8 +1482,7 @@
# fcadm delete-npiv-port -p 2000000000000001 210000e08b170f1c
-
- Example 17 Creating an FCoE Target Port
+ Example 23 Creating an FCoE Target Port
@@ -1291,8 +1493,7 @@
# fcadm create-fcoe-port -t nxge0
-
- Example 18 Deleting an FCoE Port
+ Example 24 Deleting an FCoE Port
@@ -1303,8 +1504,7 @@
# fcadm delete-fcoe-port -t nxge0
-
- Example 19 Listing Information for all FCoE Ports
+ Example 25 Listing Information for all FCoE Ports
@@ -1339,8 +1539,7 @@
FCoE Hardware Offload: Supported
-
- Example 20 Listing Information for all FCoE Initiator Ports
+ Example 26 Listing Information for all FCoE Initiator Ports
@@ -1363,8 +1562,7 @@
FCoE Hardware Offload: Supported
-
- Example 21 Listing Information for all FCoE Target Ports
+ Example 27 Listing Information for all FCoE Target Ports
@@ -1387,8 +1585,7 @@
FCoE Hardware Offload: Supported
-
- Example 22 Listing Verbose Information for an FCoE Port
+ Example 28 Listing Verbose Information for an FCoE Port
@@ -1418,8 +1615,7 @@
MAX LRO Size: 131072
-
- Example 23 Reinitializing the Link of an FC Port
+ Example 29 Reinitializing the Link of an FC Port
@@ -1470,4 +1666,4 @@
-Oracle Solaris 11.4 11 May 2021 fcinfo(8)
+Oracle Solaris 11.4 20 Feb 2023 fcinfo(8)
diff -NurbBw 11.4.57/man8/fcinfo.8 11.4.60/man8/fcinfo.8
--- 11.4.57/man8/fcinfo.8 2023-08-23 17:32:56.541831870 -0700
+++ 11.4.60/man8/fcinfo.8 2023-08-23 17:33:25.414114564 -0700
@@ -6,10 +6,10 @@
fcinfo, fcadm - Fibre Channel HBA Port Command Line Interface
SYNOPSIS
- fcinfo hba-port [-lite] [HBA_port_WWN]...
+ fcinfo hba-port [-Tvlite] [-o output_fields | -O output_fields] [HBA_port_WWN]...
- fcadm hba-port [-lite] [HBA_port_WWN]...
+ fcadm hba-port [-Tvlite] [HBA_port_WWN]...
fcinfo remote-port [-ls] [-p HBA_port_WWN]
@@ -77,10 +77,16 @@
hba-port Lists information for the HBA port referenced by
the specified HBA_port_WWN. If -i and -t options
- are not specified, all initiator mode and target
- mode Fibre Channel HBA ports on the host will be
+ are not specified, both initiator and target mode
+ Fibre Channel HBA ports on the host will be
listed.
+ If -T option is used then the most common fields
+ are displayed in a tabular format. User can over-
+ ride the default fields with either -o option for
+ human readable output or with -O option for
+ parsable output.
+
remote-port Lists the remote-port information for those remote
ports that are specified. If no Remote_port_WWN
@@ -165,12 +171,24 @@
interface.
+ -i, --initiator
+
+ Lists the information for initiator mode ports only.
+
+
-l, --linkstat
Lists the link error statistics information for the port referenced
by the specified HBA_port_WWN or Remote_port_WWN.
+ -N Remote_node_WWN, --remote-node Remote_node_WWN
+
+ Retrieves information of all logical units on the remote port spec-
+ ified by Remote_node_WWN. This option applies only to the subcom-
+ mand logical-unit | lu.
+
+
-n HBA_node_WWN, --node HBA_node_WWN
When used with NPIV options, specify a virtual node WWN. If used
@@ -182,26 +200,99 @@
generated based on the MAC address of the specified MAC interface.
- -p HBA_port_WWN, --port HBA_port_WWN
+ -O output_fields, --parsable output_fields
- Retrieve remote port information from the HBA_port_WWN of the local
- HBA port on the host. When used with the remote-port subcommand,
- the -p option is mandatory.
+ Displays HBA Port information in parsable format. Columns are not
+ indented, instead values are separated by ':'
- When used with NPIV options, specify a virtual port WWN. If used
- with create-npiv-port, it can be omitted, and a random based WWN
- will be used. It is mandatory for delete-npiv-port.
+ To find which NPIV ports correspond to a particular physical port,
+ user should use the contents of the field PARENT_WWN, which con-
+ tains the port WWN of the parent physical port.
- When used with create-fcoe-port subcommand, specify the port WWN
- for the FCoE port. It can be omitted, in which case a WWN will be
- generated based on the MAC address of the specified MAC interface.
+ -o output_fields, --tabular output_fields
- -N Remote_node_WWN, --remote-node Remote_node_WWN
+ Enables the user to choose HBA Port output fields to be displayed
+ in a tabular format. Field names must be one of the fields listed
+ below:
+
+ o crc_count
+
+
+ o ctrl
+
+
+ o driver_name
+
+
+ o driver_version
+
+
+ o drv_inst
+
+
+ o fcode_bios_version
+
+
+ o firmware_version
+
+
+ o link_failure_count
+
+
+ o loss_signal_count
+
+
+ o loss_sync_count
+
+
+ o manufacturer
+
+
+ o mode
+
+
+ o model
+
+
+ o node_wwn
+
+
+ o parent_wwn
+
+
+ o protocol_error_count
+
+
+ o phys_path
+
+
+ o port_id
+
+
+ o port_type
+
+
+ o port_wwn
+
+
+ o serial_number
+
+
+ o slot
+
+
+ o speed
+
+
+ o state
+
+
+ o supported_speeds
+
+
+ o tx_word_count
- Retrieves information of all logical units on the remote port spec-
- ified by Remote_node_WWN. This option applies only to the subcom-
- mand logical-unit | lu.
-P Remote_port_WWN, --remote-port Remote_node_WWN
@@ -211,6 +302,21 @@
mand logical-unit | lu.
+ -p HBA_port_WWN, --port HBA_port_WWN
+
+ Retrieve remote port information from the HBA_port_WWN of the local
+ HBA port on the host. When used with the remote-port subcommand,
+ the -p option is mandatory.
+
+ When used with NPIV options, specify a virtual port WWN. If used
+ with create-npiv-port, it can be omitted, and a random based WWN
+ will be used. It is mandatory for delete-npiv-port.
+
+ When used with create-fcoe-port subcommand, specify the port WWN
+ for the FCoE port. It can be omitted, in which case a WWN will be
+ generated based on the MAC address of the specified MAC interface.
+
+
-s, --scsi-target
Lists the SCSI target information for all remote ports the user has
@@ -222,9 +328,16 @@
applies only to an initiator mode port.
- -i, --initiator
+ -T, --tabular-default
- Lists the information for initiator mode ports only.
+ Displays default HBA Port information in a tabular format. Default
+ output fields are PORT_WWN, PARENT_WWN, MODE, CTRL, STATE and SPEED
+
+ In tabular format, NPIV ports are listed alongside physical ports.
+ NPIV ports belonging to a physical port are listed just below it.
+ For an NPIV port, the field PARENT_WWN contains port WWN of the
+ corresponding physical port. For a physical port, the field PAR-
+ ENT_WWN contains 'NA'
-t, --target
@@ -234,18 +347,21 @@
When used with create-fcoe-port, creates a FCoE target mode port.
- -v, --verbose
+ -V, --version
- When used with the logical-unit subcommand, the -v displays addi-
- tional information for the logical unit, including SCSI vendor and
- product information and device type as well as the FC World-Wide
- names for the local and remote Fibre Channel ports to which this
- device is attached.
+ Displays the version information.
- -V, --version
+ -v, --verbose
- Displays the version information.
+ When used with hba-port subcommand, -v will additionally display
+ driver instance and slot information. When combined with -T, it
+ will add node wwn, driver name, driver instance and slot informa-
+ tion to the default tabular output. When used with the logical-unit
+ subcommand, the -v displays additional information for the logical
+ unit, including SCSI vendor and product information and device type
+ as well as the FC World-Wide names for the local and remote Fibre
+ Channel ports to which this device is attached.
-?, --help
@@ -263,71 +379,42 @@
# fcinfo hba-port -i
-
- HBA Port WWN: 210000e08b074cb5
- Port Mode: Initiator
- OS Device Name: /dev/cfg/c1
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: not available
- Driver Name: qlc
- Driver Version: 20070212-2.19
- Type: N-port
- State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200000e08b074cb5
- NPIV Port List:
- Virtual Port 1:
- Port WWN: 200000e08b074cb1
- Node WWN: 200000e08b074cb3
- HBA Port WWN: 210100e08b274cb5
+ HBA Port WWN: 10000090fab9070e
Port Mode: Initiator
- OS Device Name: /dev/cfg/c2
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: not available
- Driver Name: qlc
- Driver Version: 20070212-2.19
+ Port ID: 10701
+ OS Device Name: /dev/cfg/c18
+ Manufacturer: Emulex
+ Model: 7101684
+ Firmware Version: 7101684 1.1.43.8
+ FCode/BIOS Version: Boot:1.1.43.8 Fcode:4.03a1
+ Serial Number: 4925382+154400006N
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
Type: N-port
State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200100e08b274cb5
- HBA Port WWN: 210000e08b072ab5
- Port Mode: Initiator
- OS Device Name: /dev/cfg/c3
- Manufacturer: QLogic Corp.
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Model: 375-3108-xx
- Serial Number: not available
- Driver Name: qlc
- Driver Version: 20070212-2.19
- Type: L-port
- State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200000e08b072ab5
- HBA Port WWN: 210100e08b272ab5
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 20000090fab9070e
+ Max NPIV Ports: 127
+ NPIV port list:
+ HBA Port WWN: 2100000e1ee564d1
Port Mode: Initiator
- OS Device Name: /dev/cfg/c4
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: 0402F00-0549112808
+ Port ID: 10800
+ OS Device Name: /dev/cfg/c14
+ Manufacturer: Marvell Technology, Inc
+ Model: 7023303
+ Firmware Version: 8.08.04
+ FCode/BIOS Version: BIOS: 3.40; fcode: 4.10; EFI: 6.19;
+ Serial Number: 463916R+1713328298
Driver Name: qlc
- Driver Version: 20070212-2.19
+ Driver Version: 220520-5.11
Type: N-port
State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200100e08b272ab5
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1ee564d1
+ Max NPIV Ports: 7
+ NPIV port list:
@@ -340,64 +427,38 @@
# fcinfo hba-port -t
- HBA Port WWN: 210100e08bb09221
+ HBA Port WWN: 2100000e1e263e30
Port Mode: Target
- Port ID: 10700
+ Port ID: ef
OS Device Name: Not Applicable
Manufacturer: QLogic Corp.
- Model: d30ac7e0
- Firmware Version: 4.0.109
- FCode/BIOS Version: N/A
- Type: F-port
+ Model: QLE8362
+ Firmware Version: 8.8.4
+ FCode/BIOS Version: BIOS: 3.19; FCode: 4.02; EFI: 5.36;
+ Serial Number: 463916T+1507232753
+ Driver Name: COMSTAR QLT
+ Driver Version: 20200211-3.03
+ Type: L-port
State: online
- Supported Speeds: not established
- Current Speed: 2Gb
- Node WWN: 200100e08bb09221
- HBA Port WWN: 210000e08b909221
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1e263e30
+ HBA Port WWN: 2100000e1e263e31
Port Mode: Target
- Port ID: 10900
+ Port ID: ef
OS Device Name: Not Applicable
Manufacturer: QLogic Corp.
- Model: d37ad1e0
- Firmware Version: 4.0.109
- FCode/BIOS Version: N/A
- Type: F-port
- State: online
- Supported Speeds: not established
- Current Speed: 2Gb
- Node WWN: 200000e08b909221
- HBA Port WWN: 200000144fc2d508
- Port Mode: Target
- Port ID: 9a0025
- OS Device Name: Not Applicable
- Manufacturer: Sun Microsystems, Inc.
- Model: FCoE Virtual FC HBA
- Firmware Version: N/A
- FCode/BIOS Version: N/A
- Serial Number: N/A
- Driver Name: COMSTAR FCOET
- Driver Version: 1.0
- Type: F-port
- State: online
- Supported Speeds: 1Gb 10Gb
- Current Speed: 10Gb
- Node WWN: 100000144fc2d508
- HBA Port WWN: 200000144fc2d509
- Port Mode: Target
- Port ID: 9a0023
- OS Device Name: Not Applicable
- Manufacturer: Sun Microsystems, Inc.
- Model: FCoE Virtual FC HBA
- Firmware Version: N/A
- FCode/BIOS Version: N/A
- Serial Number: N/A
- Driver Name: COMSTAR FCOET
- Driver Version: 1.0
- Type: F-port
+ Model: QLE8362
+ Firmware Version: 8.8.4
+ FCode/BIOS Version: BIOS: 3.19; FCode: 4.02; EFI: 5.36;
+ Serial Number: 463916T+1507232753
+ Driver Name: COMSTAR QLT
+ Driver Version: 20200211-3.03
+ Type: L-port
State: online
- Supported Speeds: 1Gb 10Gb
- Current Speed: 10Gb
- Node WWN: 100000144fc2d509
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1e263e31
@@ -409,58 +470,211 @@
statistics for those ports:
- # fcinfo hba-port -l 210000e08b074cb5 210100e08b274cb5
-
- HBA Port WWN: 210000e08b074cb5
+ # fcinfo hba-port -l
+ HBA Port WWN: 10000090fab9070e
Port Mode: Initiator
- OS Device Name: /dev/cfg/c1
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: 0402F00-0549112808
- Driver Name: qlc
- Driver Version: 20070212-2.19
+ Port ID: 10701
+ OS Device Name: /dev/cfg/c18
+ Manufacturer: Emulex
+ Model: 7101684
+ Firmware Version: 7101684 1.1.43.8
+ FCode/BIOS Version: Boot:1.1.43.8 Fcode:4.03a1
+ Serial Number: 4925382+154400006N
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
Type: N-port
State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200000e08b074cb5
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 20000090fab9070e
Link Error Statistics:
- Link Failure Count: 0
- Loss of Sync Count: 0
- Loss of Signal Count: 0
+ Link Failure Count: 3
+ Loss of Sync Count: 8
+ Loss of Signal Count: 1
Primitive Seq Protocol Error Count: 0
- Invalid Tx Word Count: 0
+ Invalid Tx Word Count: 514
Invalid CRC Count: 0
- HBA Port WWN: 210100e08b274cb5
+ Max NPIV Ports: 127
+ NPIV port list:
+ HBA Port WWN: 10000090fab017e5
Port Mode: Initiator
- OS Device Name: /dev/cfg/c2
- Manufacturer: QLogic Corp.
- Model: 375-3108-xx
- Firmware Version: 3.3.116
- FCode/BIOS Version: 1.13.08
- Serial Number: 0402F00-0549112808
- Driver Name: qlc
- Driver Version: 20070212-2.19
- Type: N-port
- State: online
- Supported Speeds: 1Gb 2Gb
- Current Speed: 2Gb
- Node WWN: 200100e08b274cb5
+ Port ID: 0
+ OS Device Name: /dev/cfg/c11
+ Manufacturer: Emulex
+ Model: LPe12002-S
+ Firmware Version: LPe12002-S 2.01a12
+ FCode/BIOS Version: Boot:5.03a0
+ Serial Number: 4925384+152300015A
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
+ Type: unknown
+ State: offline
+ Supported Speeds: 2Gb 4Gb 8Gb
+ Current Speed: not established
+ Node WWN: 20000090fab017e5
Link Error Statistics:
- Link Failure Count: 0
+ Link Failure Count: 1
Loss of Sync Count: 0
- Loss of Signal Count: 0
+ Loss of Signal Count: 2
Primitive Seq Protocol Error Count: 0
Invalid Tx Word Count: 0
Invalid CRC Count: 0
+ Max NPIV Ports: 255
+ NPIV port list:
+
+
+
+ Example 4 Listing HBA Ports with verbose information
+
+
+
+ The following command lists information for the HBA ports along with
+ driver instance and slot details
+
+
+ # fcinfo hba-port -v
+ HBA Port WWN: 10000090fab9070e
+ Port Mode: Initiator
+ Port ID: 10701
+ OS Device Name: /dev/cfg/c18
+ Manufacturer: Emulex
+ Model: 7101684
+ Firmware Version: 7101684 1.1.43.8
+ FCode/BIOS Version: Boot:1.1.43.8 Fcode:4.03a1
+ Serial Number: 4925382+154400006N
+ Driver Name: emlxs
+ Driver Version: 3.3.2.3 (2021.04.27.12.00)
+ Type: N-port
+ State: online
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 20000090fab9070e
+ Driver Instance: 7
+ Slot: /SYS/MB/PCIE3/hba1
+ Max NPIV Ports: 127
+ NPIV port list:
+ HBA Port WWN: 2100000e1ee564d1
+ Port Mode: Initiator
+ Port ID: 10800
+ OS Device Name: /dev/cfg/c14
+ Manufacturer: Marvell Technology, Inc
+ Model: 7023303
+ Firmware Version: 8.08.04
+ FCode/BIOS Version: BIOS: 3.40; fcode: 4.10; EFI: 6.19;
+ Serial Number: 463916R+1713328298
+ Driver Name: qlc
+ Driver Version: 220520-5.11
+ Type: N-port
+ State: online
+ Supported Speeds: 4Gb 8Gb 16Gb
+ Current Speed: 8Gb
+ Node WWN: 2000000e1ee564d1
+ Driver Instance: 1
+ Slot: /SYS/MB/PCIE4/hba1
+ Max NPIV Ports: 7
+ NPIV port list:
+
+
+
+ Example 5 Display HBA Port information in a tabular format
+ The following command will display HBA Port information in tabular for-
+ mat
- Example 4 Listing All Remote Ports
+ # fcinfo hba-port -T
+ PORT_WWN PARENT_WWN MODE CTRL STATE SPEED
+ 10000090fab9070e NA Initiator c18 online 8Gb
+ 10000090fab9070d NA Initiator c17 offline not established
+ 2100000e1ee564d0 NA Initiator c13 online 16Gb
+ 2100000e1ee564d1 NA Initiator c14 online 8Gb
+ 2100000e1e263e30 NA Target unknown online 8Gb
+ 2100000e1e263e31 NA Target unknown online 8Gb
+
+
+
+ Example 6 Display HBA Port information in a tabular format with verbose
+ details
+
+
+
+ The following command will display HBA Port information along with ver-
+ bose in tabular format
+
+
+ # fcinfo hba-port -Tv
+ PORT_WWN PARENT_WWN MODE CTRL STATE SPEED NODE_WWN DRIVER_NAME DRV_INST SLOT
+ 10000090fab9070e NA Initiator c18 online 8Gb 20000090fab9070e emlxs 7 /SYS/MB/PCIE3/hba1
+ 10000090fab9070d NA Initiator c17 offline not established 20000090fab9070d emlxs 6 /SYS/MB/PCIE3/hba0
+ 2100000e1ee564d0 NA Initiator c13 online 16Gb 2000000e1ee564d0 qlc 0 /SYS/MB/PCIE4/hba0
+ 2100000e1ee564d1 NA Initiator c14 online 8Gb 2000000e1ee564d1 qlc 1 /SYS/MB/PCIE4/hba1
+ 2100000e1e263e30 NA Target unknown online 8Gb 2000000e1e263e30 COMSTAR QLT unknown unknown
+ 2100000e1e263e31 NA Target unknown online 8Gb 2000000e1e263e31 COMSTAR QLT unknown unknown
+
+
+
+ Example 7 Display only specific fields from HBA Port information
+
+
+
+ The following command will display HBA port information specific to
+ fields mentioned by the user in a Tabular format
+
+
+ # fcinfo hba-port -o "port_wwn,firmware_version,port_id,fcode_bios_version,model,phys_path"
+ PORT_WWN FIRMWARE_VERSION PORT_ID FCODE_BIOS_VERSION MODEL PHYS_PATH
+ 10000090fab017e4 LPe12002-S 2.01a12 11000 Boot:5.03a0 LPe12002-S /pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0/fp@0,0:fc
+ 10000090fab017e5 LPe12002-S 2.01a12 0 Boot:5.03a0 LPe12002-S /pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0,1/fp@0,0:fc
+ c0007ddf0cb5ff66 7101684 10.6.230.0 0 Boot:10.6.230.0 7101684 /pci@7a,0/pci8086,2f04@2/pci10df,e20e@0,1/fp@0,1:fc
+ c0007dc54976f22f 7101684 10.6.230.0 0 Boot:10.6.230.0 7101684 /pci@7a,0/pci8086,2f04@2/pci10df,e20e@0,1/fp@0,2:fc
+ 2100000e1e263e30 8.8.4 ef BIOS: 3.19; FCode: 4.02; EFI: 5.36; QLE8362 unknown
+ 2100000e1e263e31 8.8.4 ef BIOS: 3.19; FCode: 4.02; EFI: 5.36; QLE8362 unknown
+
+
+
+ Example 8 Display specific output fields of HBA Port information in
+ a parsable format
+
+
+
+ The following command will display only specific output fields of HBA
+ Port information in a parsable format
+
+
+ # fcinfo hba-port -O "port_wwn,firmware_version,port_id,fcode_bios_version,model,phys_path"
+ 10000090fab017e4:LPe12002-S 2.01a12:11000:Boot\:5.03a0:LPe12002-S:/pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0/fp@0,0\:fc
+ c0007d48a022a000:LPe12002-S 2.01a12:11001:Boot\:5.03a0:LPe12002-S:/pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0/fp@0,1\:fc
+ 10000090fab017e5:LPe12002-S 2.01a12:0:Boot\:5.03a0:LPe12002-S:/pci@7a,0/pci8086,2f06@2,2/pci10df,fc42@0,1/fp@0,0\:fc
+ 10000090fad935c8:7101684 10.6.230.0:0:Boot\:10.6.230.0:7101684:/pci@7a,0/pci8086,2f04@2/pci10df,e20e@0/fp@0,0\:fc
+ c0007d9456deda2b:7101684 10.6.230.0:0:Boot\:10.6.230.0:7101684:/pci@7a,0/pci8086,2f04@2/pci10df,e20e@0/fp@0,2\:fc
+ 2100000e1e263e30:8.8.4:ef: BIOS\: 3.19; FCode\: 4.02; EFI\: 5.36;:QLE8362 :unknown
+ 2100000e1e263e31:8.8.4:ef: BIOS\: 3.19; FCode\: 4.02; EFI\: 5.36;:QLE8362 :unknown
+
+
+
+ Example 9 Display HBA Port information in a tabular format with Link
+ Error Statistics
+
+
+
+ The following command will display HBA Port information along with Link
+ Error Statistic in tabular format
+
+
+ # fcinfo hba-port -Tl
+ PORT_WWN PARENT_WWN MODE CTRL STATE SPEED LINK_FAILURE_COUNT LOSS_SYNC_COUNT LOSS_SIGNAL_COUNT PROTOCOL_ERROR_COUNT TX_WORD_COUNT CRC_COUNT
+ 10000090fab9070e NA Initiator c18 online 8Gb 3 8 1 0 514 0
+ 10000090fab9070d NA Initiator c17 offline not established 0 0 0 0 4 0
+ 2100000e1ee564d0 NA Initiator c13 online 16Gb 0 0 0 0 0 0
+ 2100000e1ee564d1 NA Initiator c14 online 8Gb 0 0 0 0 0 0
+ 2100000e1e263e30 NA Target unknown online 8Gb 0 0 0 0 0 0
+ 2100000e1e263e31 NA Target unknown online 8Gb 0 0 0 0 0
+
+
+
+ Example 10 Listing All Remote Ports
@@ -524,8 +738,7 @@
-
- Example 5 Listing All Remote Ports of the Given HBA
+ Example 11 Listing All Remote Ports of the Given HBA
@@ -555,8 +768,7 @@
-
- Example 6 Listing Remote Ports and Link Statistics of the Given HBA
+ Example 12 Listing Remote Ports and Link Statistics of the Given HBA
@@ -663,8 +875,8 @@
-
- Example 7 Listing All SCSI Targets and Link Statistics on the Given HBA
+ Example 13 Listing All SCSI Targets and Link Statistics on the Given
+ HBA
@@ -843,8 +1055,7 @@
-
- Example 8 Listing All SCSI Targets and Link Statistics
+ Example 14 Listing All SCSI Targets and Link Statistics
@@ -980,8 +1191,7 @@
-
- Example 9 Listing SCSI Target Information on the Given HBA
+ Example 15 Listing SCSI Target Information on the Given HBA
@@ -1109,8 +1319,7 @@
Node WWN: 200100e08b296060
-
- Example 10 Listing the Logical Unit
+ Example 16 Listing the Logical Unit
@@ -1125,8 +1334,7 @@
-
- Example 11 Displaying Additional Information for the Logical Unit
+ Example 17 Displaying Additional Information for the Logical Unit
@@ -1152,8 +1360,7 @@
-
- Example 12 Displaying Additional Information for the Logical Unit on
+ Example 18 Displaying Additional Information for the Logical Unit on
the Given Remote Node WWN
@@ -1184,8 +1391,7 @@
-
- Example 13 Displaying Additional Information for the Logical Unit on
+ Example 19 Displaying Additional Information for the Logical Unit on
the Given Remote Port WWN
@@ -1222,8 +1428,7 @@
-
- Example 14 Adding an NPIV Port
+ Example 20 Adding an NPIV Port
@@ -1251,8 +1456,7 @@
-
- Example 15 Adding an NPIV Port with Random WWN
+ Example 21 Adding an NPIV Port with Random WWN
@@ -1268,8 +1472,7 @@
Physical HBA Port WWN: 210000e08b170f1c
-
- Example 16 Deleting an NPIV Port
+ Example 22 Deleting an NPIV Port
@@ -1279,8 +1482,7 @@
# fcadm delete-npiv-port -p 2000000000000001 210000e08b170f1c
-
- Example 17 Creating an FCoE Target Port
+ Example 23 Creating an FCoE Target Port
@@ -1291,8 +1493,7 @@
# fcadm create-fcoe-port -t nxge0
-
- Example 18 Deleting an FCoE Port
+ Example 24 Deleting an FCoE Port
@@ -1303,8 +1504,7 @@
# fcadm delete-fcoe-port -t nxge0
-
- Example 19 Listing Information for all FCoE Ports
+ Example 25 Listing Information for all FCoE Ports
@@ -1339,8 +1539,7 @@
FCoE Hardware Offload: Supported
-
- Example 20 Listing Information for all FCoE Initiator Ports
+ Example 26 Listing Information for all FCoE Initiator Ports
@@ -1363,8 +1562,7 @@
FCoE Hardware Offload: Supported
-
- Example 21 Listing Information for all FCoE Target Ports
+ Example 27 Listing Information for all FCoE Target Ports
@@ -1387,8 +1585,7 @@
FCoE Hardware Offload: Supported
-
- Example 22 Listing Verbose Information for an FCoE Port
+ Example 28 Listing Verbose Information for an FCoE Port
@@ -1418,8 +1615,7 @@
MAX LRO Size: 131072
-
- Example 23 Reinitializing the Link of an FC Port
+ Example 29 Reinitializing the Link of an FC Port
@@ -1470,4 +1666,4 @@
-Oracle Solaris 11.4 11 May 2021 fcinfo(8)
+Oracle Solaris 11.4 20 Feb 2023 fcinfo(8)
diff -NurbBw 11.4.57/man8/iostat.8 11.4.60/man8/iostat.8
--- 11.4.57/man8/iostat.8 2023-08-23 17:32:56.577306192 -0700
+++ 11.4.60/man8/iostat.8 2023-08-23 17:33:25.453595858 -0700
@@ -6,7 +6,7 @@
iostat - report I/O statistics
SYNOPSIS
- /usr/bin/iostat [-cCdDeEiILmMnpPrstwxXYuz] [-l n] [-T u | d]
+ /usr/bin/iostat [-cCdDeEiILmMnNpPrsStwxXYuz] [-l n] [-T u | d]
[disk]... [interval [count]]
DESCRIPTION
@@ -160,6 +160,10 @@
-E Display all device error statistics.
+ -N Print devchassis-path names for device only. Must be used
+ with -x.
+
+
-i In -E output, display the Device ID instead of the Serial
No. The Device Id is a unique identifier registered by a
driver through ddi_devid_register(9F).
@@ -224,6 +228,9 @@
-s Suppress messages related to state changes.
+ -S Append a separator line after each iteration.
+
+
-t Report the number of characters read and written to termi-
nals per second.
@@ -543,4 +550,4 @@
-Oracle Solaris 11.4 04 Jan 2021 iostat(8)
+Oracle Solaris 11.4 14 March 2023 iostat(8)
diff -NurbBw 11.4.57/man8/ldm.8 11.4.60/man8/ldm.8
--- 11.4.57/man8/ldm.8 2023-08-23 17:32:56.743715542 -0700
+++ 11.4.60/man8/ldm.8 2023-08-23 17:33:25.629057942 -0700
@@ -7172,13 +7171,15 @@
attributes.
- +-------------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-------------------------------------------------------------+
- |Availability pkg:/system/ldoms/ldomsmanager |
- +-------------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-------------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ldomsmanager |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), dumpadm(8), ifconfig(8), shutdown(8), vntsd(8)
@@ -7188,4 +7189,4 @@
-Oracle Solaris 11.4 04 Jan 2023 ldm(8)
+Oracle Solaris 11.4 14 Jun 2023 ldm(8)
diff -NurbBw 11.4.57/man8/ldmad.8 11.4.60/man8/ldmad.8
--- 11.4.57/man8/ldmad.8 2023-08-23 17:32:56.772974668 -0700
+++ 11.4.60/man8/ldmad.8 2023-08-23 17:33:25.659552843 -0700
@@ -27,6 +27,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/ldoms |
+-----------------------------+-----------------------------+
|Interface Stability |Unstable |
@@ -36,7 +38,7 @@
svcs(1), syslog(3C), syslog.conf(5), attributes(7), smf(7), svcadm(8)
- Oracle VM Server for SPARC 2.0 Administration Guide
+ Oracle VM Server for SPARC 3.6 Administration Guide
ERRORS
ldmad uses syslog(3C) to report status and error messages. Error mes-
@@ -59,4 +61,4 @@
-Oracle Solaris 11.4 27 Apr 2010 ldmad(8)
+Oracle Solaris 11.4 14 Jun 2023 ldmad(8)
diff -NurbBw 11.4.57/man8/ldmconsole.8 11.4.60/man8/ldmconsole.8
--- 11.4.57/man8/ldmconsole.8 2023-08-23 17:32:56.802849549 -0700
+++ 11.4.60/man8/ldmconsole.8 2023-08-23 17:33:25.690812553 -0700
@@ -75,13 +75,15 @@
attribute.
- +-------------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-------------------------------------------------------------+
- |Availability pkg:/system/ldoms/ldomsmanager |
- +-------------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-------------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ldomsmanager |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), ldm(8), vntsd(8)
@@ -91,4 +93,4 @@
-Oracle Solaris 11.4 22 Feb 2018 ldmconsole(8)
+Oracle Solaris 11.4 14 Jun 2023 ldmconsole(8)
diff -NurbBw 11.4.57/man8/ldmd.8 11.4.60/man8/ldmd.8
--- 11.4.57/man8/ldmd.8 2023-08-23 17:32:56.842687789 -0700
+++ 11.4.60/man8/ldmd.8 2023-08-23 17:33:25.726934131 -0700
@@ -428,17 +428,19 @@
attributes.
- +-------------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-------------------------------------------------------------+
- |Availability pkg:/system/ldoms/ldomsmanager |
- +-------------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-------------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ldomsmanager |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
- svcs(1), attributes(7), smf(7), drd(8), ldm(8), ldmad(8), ldm-
- power(8), svcadm(8), vntsd(8)
+ svcs(1), attributes(7), smf(7), drd(8), ldm(8), ldmad(8), ldmpower(8),
+ svcadm(8), vntsd(8)
NOTES
The ldmd service is managed by the Service Management Facility (SMF)
@@ -460,4 +462,4 @@
-Oracle Solaris 11.4 25 Apr 2022 ldmd(8)
+Oracle Solaris 11.4 14 Jun 2023 ldmd(8)
diff -NurbBw 11.4.57/man8/ldmp2v.8 11.4.60/man8/ldmp2v.8
--- 11.4.57/man8/ldmp2v.8 2023-08-23 17:32:56.885004190 -0700
+++ 11.4.60/man8/ldmp2v.8 2023-08-23 17:33:25.763696562 -0700
@@ -495,13 +495,15 @@
attributes.
- +-------------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-------------------------------------------------------------+
- |Availability pkg:/system/ldoms/ldomsmanager |
- +-------------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-------------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |/system/ldoms/ldomsmanager |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), ldm(8)
@@ -511,4 +513,4 @@
-Oracle Solaris 11.4 25 Nov 2020 ldmp2v(8)
+Oracle Solaris 11.4 14 Jun 2023 ldmp2v(8)
diff -NurbBw 11.4.57/man8/ldmpower.8 11.4.60/man8/ldmpower.8
--- 11.4.57/man8/ldmpower.8 2023-08-23 17:32:56.920212244 -0700
+++ 11.4.60/man8/ldmpower.8 2023-08-23 17:33:25.798575826 -0700
@@ -422,13 +422,15 @@
attribute.
- +-------------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-------------------------------------------------------------+
- |Availability pkg:/system/ldoms/ldomsmanager |
- +-------------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-------------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ldomsmanager |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), ldmd(8)
@@ -438,4 +440,4 @@
-Oracle Solaris 11.4 25 Nov 2020 ldmpower(8)
+Oracle Solaris 11.4 14 Jun 2023 ldmpower(8)
diff -NurbBw 11.4.57/man8/obpsym.8 11.4.60/man8/obpsym.8
--- 11.4.57/man8/obpsym.8 2023-08-23 17:32:56.952388047 -0700
+++ 11.4.60/man8/obpsym.8 2023-08-23 17:33:25.828663217 -0700
@@ -81,6 +81,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/kernel/platform |
+-----------------------------+-----------------------------+
@@ -118,4 +120,4 @@
-Oracle Solaris 11.4 26 Mar 2020 obpsym(8)
+Oracle Solaris 11.4 14 Jun 2023 obpsym(8)
diff -NurbBw 11.4.57/man8/ovmtadm.8 11.4.60/man8/ovmtadm.8
--- 11.4.57/man8/ovmtadm.8 2023-08-23 17:32:56.985085321 -0700
+++ 11.4.60/man8/ovmtadm.8 2023-08-23 17:33:25.860148294 -0700
@@ -231,13 +230,15 @@
attributes.
- +-----------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-----------------------------------------------------------+
- |Availability pkg:/system/ldoms/ovmtutils |
- +-----------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-----------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ovmtutils |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), ovmtconfig(8), ovmtcreate(8), ovmtdeploy(8), ovmtli-
@@ -248,4 +249,4 @@
-Oracle Solaris 11.4 25 Nov 2020 ovmtadm(8)
+Oracle Solaris 11.4 14 Jun 2023 ovmtadm(8)
diff -NurbBw 11.4.57/man8/ovmtconfig.8 11.4.60/man8/ovmtconfig.8
--- 11.4.57/man8/ovmtconfig.8 2023-08-23 17:32:57.022815532 -0700
+++ 11.4.60/man8/ovmtconfig.8 2023-08-23 17:33:25.894096551 -0700
@@ -287,13 +287,15 @@
attributes.
- +-----------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-----------------------------------------------------------+
- |Availability pkg:/system/ldoms/ovmtutils |
- +-----------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-----------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ovmtutils |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), ovmtadm(8), ovmtcreate(8), ovmtdeploy(8), ovmtli-
@@ -304,4 +306,4 @@
-Oracle Solaris 11.4 25 Nov 2020 ovmtconfig(8)
+Oracle Solaris 11.4 14 Jun 2023 ovmtconfig(8)
diff -NurbBw 11.4.57/man8/ovmtcreate.8 11.4.60/man8/ovmtcreate.8
--- 11.4.57/man8/ovmtcreate.8 2023-08-23 17:32:57.057674737 -0700
+++ 11.4.60/man8/ovmtcreate.8 2023-08-23 17:33:25.928848069 -0700
@@ -245,13 +245,15 @@
attributes.
- +-----------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-----------------------------------------------------------+
- |Availability pkg:/system/ldoms/ovmtutils |
- +-----------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-----------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ovmtutils |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), ovmtadm(8), ovmtconfig(8), ovmtdeploy(8), ovmtli-
@@ -262,4 +264,4 @@
-Oracle Solaris 11.4 25 Nov 2020 ovmtcreate(8)
+Oracle Solaris 11.4 14 Jun 2023 ovmtcreate(8)
diff -NurbBw 11.4.57/man8/ovmtdeploy.8 11.4.60/man8/ovmtdeploy.8
--- 11.4.57/man8/ovmtdeploy.8 2023-08-23 17:32:57.093698708 -0700
+++ 11.4.60/man8/ovmtdeploy.8 2023-08-23 17:33:25.966163601 -0700
@@ -371,13 +371,15 @@
attributes.
- +-----------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-----------------------------------------------------------+
- |Availability pkg:/system/ldoms/ovmtutils |
- +-----------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-----------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ovmtutils |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
attributes(7), ovmtadm(8), ovmtconfig(8), ovmtcreate(8), ovmtli-
@@ -388,4 +390,4 @@
-Oracle Solaris 11.4 25 Nov 2020 ovmtdeploy(8)
+Oracle Solaris 11.4 14 Jun 2023 ovmtdeploy(8)
diff -NurbBw 11.4.57/man8/ovmtlibrary.8 11.4.60/man8/ovmtlibrary.8
--- 11.4.57/man8/ovmtlibrary.8 2023-08-23 17:32:57.123886344 -0700
+++ 11.4.60/man8/ovmtlibrary.8 2023-08-23 17:33:25.998432208 -0700
@@ -168,21 +168,23 @@
attributes.
- +-----------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-----------------------------------------------------------+
- |Availability pkg:/system/ldoms/ovmtutils |
- +-----------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-----------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ovmtutils |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
- attributes(7), ovmtadm(8), ovmtconfig(8), ovmtcreate(8), ovmtde-
- ploy(8), ovmtprop(8)
+ attributes(7), ovmtadm(8), ovmtconfig(8), ovmtcreate(8), ovmtdeploy(8),
+ ovmtprop(8)
Oracle VM Server for SPARC 3.6 Developer's Guide
-Oracle Solaris 11.4 25 Nov 2020 ovmtlibrary(8)
+Oracle Solaris 11.4 14 Jun 2023 ovmtlibrary(8)
diff -NurbBw 11.4.57/man8/ovmtprop.8 11.4.60/man8/ovmtprop.8
--- 11.4.57/man8/ovmtprop.8 2023-08-23 17:32:57.156762241 -0700
+++ 11.4.60/man8/ovmtprop.8 2023-08-23 17:33:26.030381716 -0700
@@ -154,21 +154,23 @@
attributes.
- +-----------------------------------------------------------+
- |Attribute Type Attribute Value |
- +-----------------------------------------------------------+
- |Availability pkg:/system/ldoms/ovmtutils |
- +-----------------------------------------------------------+
- |Interface Stability Uncommitted |
- +-----------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/ldoms/ovmtutils |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Uncommitted |
+ +-----------------------------+-----------------------------+
SEE ALSO
- attributes(7), ovmtadm(8), ovmtconfig(8), ovmtcreate(8), ovmtde-
- ploy(8), ovmtlibrary(8)
+ attributes(7), ovmtadm(8), ovmtconfig(8), ovmtcreate(8), ovmtdeploy(8),
+ ovmtlibrary(8)
Oracle VM Server for SPARC 3.6 Developer's Guide
-Oracle Solaris 11.4 25 Nov 2020 ovmtprop(8)
+Oracle Solaris 11.4 14 Jun 2023 ovmtprop(8)
diff -NurbBw 11.4.57/man8/pkgadd.8 11.4.60/man8/pkgadd.8
--- 11.4.57/man8/pkgadd.8 2023-08-23 17:32:57.195446630 -0700
+++ 11.4.60/man8/pkgadd.8 2023-08-23 17:33:26.066063877 -0700
@@ -6,9 +6,8 @@
pkgadd - transfer software packages to the system
SYNOPSIS
- pkgadd [-nv] [-a admin] [-G] [-x proxy]
- [ [-M] -R root_path] [-r response] [-k keystore]
- [-P passwd] [-V fs_file]
+ pkgadd [-nv] [-a admin] [-G] [ [-M] -R root_path]
+ [-r response] [-V fs_file]
[-d device | -d datastream pkginst | all]
[pkginst | -Y category [, category]...]
@@ -86,15 +85,6 @@
This option is deprecated.
- -k keystore
-
- Use keystore as the location from which to get trusted certificate
- authority certificates when verifying digital signatures found in
- packages. If no keystore is specified, then the default keystore
- locations are searched for valid trusted certificates. See KEYSTORE
- LOCATIONS for more information.
-
-
-M
Instruct pkgadd not to use the $root_path/etc/vfstab file for
@@ -109,13 +99,6 @@
list of installed files. The default mode is interactive.
- -P passwd
-
- Password to use to decrypt keystore specified with -k, if required.
- See PASS PHRASE ARGUMENTS for more information about the format of
- this option's argument.
-
-
-r response
Identify a file or directory which contains output from a previous
@@ -163,16 +146,6 @@
file is non-existent or unreliable.
- -x proxy
-
- Specify a HTTP[S] proxy to use when downloading packages The format
- of proxy is host:port, where host is the hostname of the HTTP[S]
- proxy, and port is the port number associated with the proxy. This
- switch overrides all other methods of specifying a proxy. See ENVI-
- RONMENT VARIABLES for more information on alternate methods of
- specifying a default proxy.
-
-
When executed without options or operands, pkgadd uses /var/spool/pkg
(the default spool directory).
@@ -199,11 +172,6 @@
o A datastream created by pkgtrans (see pkgtrans(1)).
-
- o A URL pointing to a datastream created by pkgtrans. The
- supported Universal Resource Identifiers (URIs) are
- http: and https:.
-
The second form of the -d specifier, above, indicates the syntax
you use when specifying a datastream. In this case you must specify
either a comma-separated list of package names or the keyword all.
@@ -236,111 +204,6 @@
be selected for installation or spooling.
-KEYSTORE LOCATIONS
- Package such as pkgadd use a set of trusted certificates to perform
- signature validation on any signatures found within the packages. If
- there are no signatures included in the packages then signature valida-
- tion is skipped. The certificates can come from a variety of locations.
- If -k keystore is specified, and keystore is a directory, then key-
- store is assumed to be the base directory of the certificates to be
- used. If keystore is a file, then the file itself is assumed to have
- all required keys and certificates. When -k is not specified, then
- /var/sadm/security is used as the base directory.
-
-
- Within the specified base directory, the store locations to be searched
- are different based on the application doing the searching and the type
- of store being searched for. The following directories are searched in
- the specified order:
-
- 1. <store_dir>/<app_name>/<store_type>
-
-
- 2. <store_dir>/<store_type>
-
-
-
-
- Where <store_dir> is the directory specified by -k, <app_name> is the
- name of the application doing the searching, and <store_type> is one of
- keystore (for private keys), certstore (for untrusted public key cer-
- tificates), or truststore (for trusted certificate authority certifi-
- cates).
-
-
- For example, when pkgadd is run with -k /export/certs, then the fol-
- lowing locations are successively searched to find the trust store:
-
- 1. /export/certs/pkgadd/truststore
-
-
- 2. /export/certs/truststore
-
-
-
-
- This searching order enables administrators to have a single location
- for most applications, and special certificate locations for certain
- applications.
-
-KEYSTORE AND CERTIFICATE FORMATS
- The packaging utilities, such as pkgtrans, require access to a set of
- keys and certificates in order to sign, and optionally verify, pack-
- ages.
-
-
- The keystore files found by following the search pattern specified in
- KEYSTORE LOCATIONS must each be a self-contained PKCS#12-format file.
-
-
- When signing a package with pkgtrans, if a certstore has more than one
- public key certificate, then each public key must have a friendlyName
- attribute in order to be identifiable and selectable with the -a option
- when signing packages. In addition, the public key certificate selected
- with -a and found in the certstore must have an associated private key
- in the keystore.
-
-
- Several browsers and utilities can be used to export and import cer-
- tificates and keys into a PKCS#12 keystore. For example, a trusted cer-
- tificate can be exported from Mozilla, and then imported into a PKCS#12
- keystore for use with pkgadd with the OpenSSL Toolkit.
-
-PASS PHRASE ARGUMENTS
- pkgtrans and pkgadd accept password arguments, typically using -p to
- specify the password. These allow the password to be obtained from a
- variety of sources. Both of these options take a single argument whose
- format is described below. If no password argument is given and a pass-
- word is required then the user is prompted to enter one: this will typ-
- ically be read from the current terminal with echoing turned off.
-
- pass:password
-
- The actual password is password. Because the password is visible to
- utilities such as ps this form should only be used where security
- is not important.
-
-
- env:var
-
- Obtain the password from the environment variable var. Because the
- environment of other processes is visible on certain platforms this
- option should be used with caution.
-
-
- file:pathname
-
- The first line contained within pathname is the password. pathname
- need not refer to a regular file: it could, for example, refer to a
- device or named pipe. For example, to read the password from stan-
- dard input, use file:/dev/stdin.
-
-
- console
-
- Read the password from /dev/tty.
-
-
EXAMPLES
Example 1 Installing a Package from a Solaris DVD
@@ -415,25 +278,6 @@
Reboot after installation of this package.
-ENVIRONMENT VARIABLES
- HTTPPROXY
-
- Specifies an HTTP proxy host. Overrides administration file set-
- ting, and http_proxy environment variable.
-
-
- HTTPPROXYPORT
-
- Specifies the port to use when contacting the host specified by
- HTTPPROXY. Ignored if HTTPPROXY is not set.
-
-
- http_proxy
-
- URL format for specifying proxy host and port. Overrides adminis-
- tration file setting.
-
-
FILES
/var/sadm/install/logs/
@@ -457,9 +301,6 @@
pkginfo(5), attributes(7), zones(7), installf(8), pkgadm(8), pkgask(8),
pkgchk(8), pkgrm(8), removef(8)
-
- https://www.openssl.org
-
NOTES
When transferring a package to a spool directory, the -r, -n, and -a
options cannot be used.
@@ -484,11 +325,5 @@
package installation. See admin(5) for details.
- If a package stream is specified with -d, and a digital signature is
- found in that stream, the default behavior is to attempt to validate
- the certificate and signature found. This behavior can be overridden
- with admin file settings. See admin(5) for more information.
-
-
-Oracle Solaris 11.4 4 Feb 2015 pkgadd(8)
+Oracle Solaris 11.4 12 Jan 2023 pkgadd(8)
diff -NurbBw 11.4.57/man8/pkgadm.8 11.4.60/man8/pkgadm.8
--- 11.4.57/man8/pkgadm.8 2023-08-23 17:32:57.231226142 -0700
+++ 11.4.60/man8/pkgadm.8 2023-08-23 17:33:26.096863079 -0700
@@ -6,19 +6,6 @@
pkgadm - manage packaging and patching system
SYNOPSIS
- pkgadm addcert [-ty] [-a app] [-k keystore] [-e keyfile]
- [-f format] [-n name] [-P passarg]
- [-p import_passarg] [-R rootpath] certfile
-
-
- pkgadm removecert [-a app] [-k keystore] -n name
- [-P passarg] [-R rootpath]
-
-
- pkgadm listcert [-a app] [-f format] [-k keystore] -n name
- [-P passarg] [-o outfile] [-R rootpath]
-
-
pkgadm dbstatus [-R rootpath]
@@ -33,36 +20,9 @@
DESCRIPTION
The pkgadm utility is used for managing the packaging and patching sys-
tem. It has several subcommands that perform various operations relat-
- ing to packaging. The pkgadm command includes subcommands for managing
- certificates and keys used.
-
- Managing Keys and Certificates
- pkgadm maintains the packaging-system-wide keystore in /var/sadm/secu-
- rity, and individual user's certificates in ~/.pkg/security. The fol-
- lowing subcommands operate on the package keystore database:
-
- addcert
-
- Add (import) a certificate into the database, with optional trust.
- Once added, trusted certificates can be used to verify signed pack-
- ages and patches. Non-trusted user certificates and their associ-
- ated keys can be used to sign packages and patches. Added user cer-
- tificates are not used to build certificate chains during certifi-
- cate verification.
-
-
- removecert
-
- Removes a user certificate/private key pair, or a trusted certifi-
- cate authority certificate from the keystore. Once removed, the
- certificate and keys cannot be used.
-
-
- listcert
-
- Print details of one or more certificates in the keystore.
-
+ ing to packaging.
+ Contents file
sync
Writes the contents file and rolls the contents log file. With use
@@ -85,92 +45,6 @@
OPTIONS
The following options are supported:
- -a app
-
- If this option is used, then the command only affects the keystore
- associated with a particular application. Otherwise, the global
- keystore is affected.
-
-
- -e keyfile
-
- When adding a non-trusted certificate/key combination, this option
- can be used to specify the file that contains the private key. If
- this option is not used, the private key must be in the same file
- as the certificate being added.
-
-
- -f format
-
- When adding certificates, this specifies the format to expect cer-
- tificates and private keys in. Possible values when adding are:
-
-
- pem
-
- Certificate and any private key uses PEM encoding.
-
-
- der
-
- Certificate and any private key uses DER encoding.
-
- When printing certificates, this specifies the output format used
- when printing. Acceptable values for format are:
-
- pem
-
- Output each certificate using PEM encoding.
-
-
- der
-
- Output each certificate using DER encoding.
-
-
- text
-
- Output each certificate in human-readable format.
-
-
-
- -k keystore
-
- Overrides the default location used when accessing the keystore.
-
-
- -n name
-
- Identifies the entity in the store on which you want to operate.
- When adding a user certificate, or removing certificates, this name
- is required. The name is associated with the certificate/key combi-
- nation, and when adding, can be used later to reference the entity.
- When printing certificates, if no alias is supplied, then all key-
- store entities are printed.
-
-
- -o outfile
-
- Output the result of the command to outfile. Only used when examin-
- ing (printing) certificates from the key store. Standard out is the
- default.
-
-
- -P passarg
-
- Password retrieval method to use to decrypt keystore specified with
- -k, if required. See PASS PHRASE ARGUMENTS in pkgadd(8) for more
- information about the format of this option's argument. console is
- the default.
-
-
- -p import_passarg
-
- This option's argument is identical to -P, but is used for supply-
- ing the password used to decrypt the certificate and/or private key
- being added. console is the default.
-
-
-q
(Applies to sync subcommand.) Shuts down the contents file cache
@@ -180,13 +54,8 @@
-R rootpath
Defines the full name of a directory to use as the root (/) path.
- The default user location of the certificate operations is
- ${HOME}/.pkg. If the -R option is supplied, the certificates and
- keys will be stored under <altroot>/var/sadm/security. Note that
- this operation fails if the user does not have sufficient permis-
- sions to access this directory. The listcert command requires read
- permission, while addcert and removecert require both read and
- write permission.
+ Note that this operation fails if the user does not have sufficient
+ permissions to access this directory.
Note -
@@ -199,102 +68,16 @@
- -t
-
- Indicates the certificate being added is a trusted CA certificate.
- The details of the certificate (including the Subject Name, Valid-
- ity Dates, and Fingerprints) are printed and the user is asked to
- verify the data. This verification step can be skipped with -y.
- When importing a trusted certificate, a private key should not be
- supplied, and will be rejected if supplied. Once a certificate is
- trusted, it can be used as a trust anchor when verifying future
- untrusted certificates.
-
-
-V
Print version associated with packaging tools.
- -y
-
- When adding a trusted certificate, the details of the certificate
- (Subject name, Issuer name, Validity dates, Fingerprints) are shown
- to the user and the user is asked to verify the correctness before
- proceeding. With -y, this additional verification step is skipped.
-
-
-?
Print help message.
-OPERANDS
- The following operand is supported:
-
- certfile
-
- File containing the certificate and optional private key, used when
- adding a trust anchor or certificate/key combination. Certificates
- must be encoded using PEM or binary DER.
-
-
-KEYSTORE ALIASES
- All keystore entries (user cert/key and trusted certificate entries)
- are accessed via unique aliases. Aliases are case-sensitive.
-
-
- An alias is specified when you add an entity to a keystore using the
- addcert or trustcert subcommand. If an alias is not supplied for a
- trust anchor, the trust anchor's Common Name is used as the alias. An
- alias is required when adding a signing certificate or chain certifi-
- cate. Subsequent pkgcert or other package tool commands must use this
- same alias to refer to the entity.
-
-KEYSTORE PASSWORDS
- See the pkgadd(8) man page for a description of the passwords supplied
- to the pkgadm utility.
-
-EXAMPLES
- Example 1 Adding a Trust Anchor
-
-
-
- The following example adds a well-known and trusted certificate to be
- used when verifying signatures on packages.
-
-
- example% pkgadm addcert -t /tmp/certfile.pem
-
-
-
-
-
- Example 2 Adding a Signing Certificate
-
-
-
- The following example adds a signing certificate and associated private
- key, each of which is in a separate file, which can then be used to
- sign packages.
-
-
- example% pkgadm addcert -a pkgtrans -e /tmp/keyfile.pem \
- /tmp/certfile.pem
-
-
-
- Example 3 Printing Certificates
-
-
-
- The following example prints all certificates in the root keystore.
-
-
- example% pkgadm listcert
-
-
-
EXIT STATUS
0
@@ -338,4 +121,4 @@
-Oracle Solaris 11.4 27 Nov 2017 pkgadm(8)
+Oracle Solaris 11.4 12 Jan 2023 pkgadm(8)
diff -NurbBw 11.4.57/man8/rcapadm.8 11.4.60/man8/rcapadm.8
--- 11.4.57/man8/rcapadm.8 2023-08-23 17:32:57.264427522 -0700
+++ 11.4.60/man8/rcapadm.8 2023-08-23 17:33:26.128925277 -0700
@@ -78,7 +78,7 @@
the value you specify. K means kilobyte; M, megabyte; G, gigabyte;
and T, terabyte. For example, 100M is 100 megabytes.
- To remove an existing cap, specify 0M.
+ To remove an existing cap, specify 0.
-n
@@ -164,4 +164,4 @@
-Oracle Solaris 11.4 11 Dec 2020 rcapadm(8)
+Oracle Solaris 11.4 30 Mar 2023 rcapadm(8)
diff -NurbBw 11.4.57/man8/roleadd.8 11.4.60/man8/roleadd.8
--- 11.4.57/man8/roleadd.8 2023-08-23 17:32:57.311244779 -0700
+++ 11.4.60/man8/roleadd.8 2023-08-23 17:33:26.168305897 -0700
@@ -186,7 +186,7 @@
+-----------------------------+-----------------------------+
| FIELD | DEFAULT VALUE |
+-----------------------------+-----------------------------+
- |group |other (GID of 1) |
+ |group |staff (GID of 10) |
+-----------------------------+-----------------------------+
|base_dir |/export/home |
+-----------------------------+-----------------------------+
@@ -812,4 +812,4 @@
-Oracle Solaris 11.4 21 Jun 2021 useradd(8)
+Oracle Solaris 11.4 14 Apr 2023 useradd(8)
diff -NurbBw 11.4.57/man8/rolemod.8 11.4.60/man8/rolemod.8
--- 11.4.57/man8/rolemod.8 2023-08-23 17:32:57.355951919 -0700
+++ 11.4.60/man8/rolemod.8 2023-08-23 17:33:26.207802779 -0700
@@ -186,7 +186,7 @@
+-----------------------------+-----------------------------+
| FIELD | DEFAULT VALUE |
+-----------------------------+-----------------------------+
- |group |other (GID of 1) |
+ |group |staff (GID of 10) |
+-----------------------------+-----------------------------+
|base_dir |/export/home |
+-----------------------------+-----------------------------+
@@ -812,4 +812,4 @@
-Oracle Solaris 11.4 21 Jun 2021 useradd(8)
+Oracle Solaris 11.4 14 Apr 2023 useradd(8)
diff -NurbBw 11.4.57/man8/route.8 11.4.60/man8/route.8
--- 11.4.57/man8/route.8 2023-08-23 17:32:57.396710759 -0700
+++ 11.4.60/man8/route.8 2023-08-23 17:33:26.247732119 -0700
@@ -448,6 +448,12 @@
The -ifa hostname modifier is also accepted, but has no effect.
+EXAMPLES
+ The following example illustrates how to set the systems default route.
+
+ # route -p add default hostname
+
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -460,9 +466,10 @@
SEE ALSO
uname(1), ioctl(2), getipnodebyname(3C), getnetbyname(3C),
- inet_addr(3C), arp(4P), ip(4P), route(4P), routing(4P), ip-interface-
- management(5), hosts(5), networks(5), attributes(7), privileges(7),
- in.ripngd(8), in.routed(8), netstat(8), routed(8)
+ inet_addr(3C), arp(4P), ip(4P), route(4P), routing(4P), default-
+ router(5), ip-interface-management(5), hosts(5), networks(5),
+ attributes(7), privileges(7), in.ripngd(8), in.routed(8), netstat(8),
+ routed(8)
DIAGNOSTICS
add [ host| network] destination:gateway flags
@@ -533,4 +540,4 @@
-Oracle Solaris 11.4 6 Oct 2022 route(8)
+Oracle Solaris 11.4 1 Jun 2023 route(8)
diff -NurbBw 11.4.57/man8/svccfg.8 11.4.60/man8/svccfg.8
--- 11.4.57/man8/svccfg.8 2023-08-23 17:32:57.447296009 -0700
+++ 11.4.60/man8/svccfg.8 2023-08-23 17:33:26.296331574 -0700
@@ -822,6 +822,11 @@
snmp:{[active]|inactive}
+ ...and to control logging of Automated Service Requests (ASRs):
+
+
+ asr:{[active]|inactive}
+
The parameter msg_template defined in smtp-notify(8) can be set
as a header value in the mailto URI. For example:
@@ -832,6 +837,10 @@
directive in /etc/net-snmp/snmp/snmpd.conf or as specified by
the SNMP trap notification daemon. See smtp-notify(8).
+ The ASR option requires no further configuration provided ASRs
+ are configured via either the ILOM, or via the asr-notify(8)
+ daemon.
+
The notification parameters are specific to the class or tset
specified and overwrite preexisting notification parameters.
The active/inactive form does not overwrite previous notifica-
@@ -1000,8 +1009,8 @@
- The following command enables SNMP notifications for Fault Management
- events.
+ The following command enables Email and SNMP notifications for Fault
+ Management events.
# svccfg setnotify problem-diagnosed,problem-updated \
@@ -1186,6 +1195,19 @@
+ Example 17 Disabling Automated Service Requests
+
+
+
+ The following command disables ASRs when the ntp service transitions to
+ maintenance mode.
+
+
+ # svccfg -s svc:/network/ntp:default setnotify from-online,to-maintenance \
+ asr:inactive
+
+
+
ENVIRONMENTAL VARIABLES
EDITOR
@@ -1233,8 +1255,9 @@
svcprop(1), svcs(1), libscf(3LIB), libumem(3LIB), scf_ser-
vice_add_pg(3SCF), scf_value_create(3SCF), contract(5), service_bun-
dle(5), attributes(7), fnmatch(7), smf(7), smf_method(7), smf_secu-
- rity(7), smf_template(7), smtp-notify(8), svc.configd(8), svcadm(8)
+ rity(7), smf_template(7), asr-notify(8), smtp-notify(8), snmp-
+ notify(8), svc.configd(8), svcadm(8)
-Oracle Solaris 11.4 24 Mar 2020 svccfg(8)
+Oracle Solaris 11.4 21 Mar 2023 svccfg(8)
diff -NurbBw 11.4.57/man8/swap.8 11.4.60/man8/swap.8
--- 11.4.57/man8/swap.8 2023-08-23 17:32:57.482638809 -0700
+++ 11.4.60/man8/swap.8 2023-08-23 17:33:26.330701297 -0700
@@ -6,10 +6,10 @@
swap - swap administrative interface
SYNOPSIS
- /usr/sbin/swap -a swapname [swaplow] [swaplen]
+ /usr/sbin/swap -a [-t] swapname [swaplow] [swaplen]
- /usr/sbin/swap -d swapname [swaplow]
+ /usr/sbin/swap -d [-t] swapname [swaplow]
/usr/sbin/swap -l [-h | -k | --scale[=item1,item2,...]]
@@ -24,16 +24,15 @@
OPTIONS
The following options are supported:
- -a swapname [swaplow] [swaplen]
+ -a [-t] swapname [swaplow] [swaplen]
Add the specified swap area. This option can only be used by an
administrator who is assigned the File System Management rights
profile or by root. swapname is the name of the swap area or regu-
lar file. On a system running a ZFS file system, specify a ZFS vol-
- ume, such as /dev/zvol/dsk/rpool/swap, for a swap area. Using a
- regular file for swap is not supported on a ZFS file system. In
- addition, you cannot use the same ZFS volume for both the swap area
- and a dump device.
+ ume, such as rpool/swap, for a swap area. Unless the -t is given
+ the change will persist across reboots. Using a regular file for
+ swap is not supported on a ZFS file system.
swaplow is the offset in 512-byte blocks into the file where the
swap area should begin. swaplen is the desired length of the swap
@@ -57,8 +56,9 @@
Swap areas are added automatically during system startup by the
svc:/system/swap service. This service adds all swap areas which
- have been specified in the /etc/vfstab file. For the syntax of
- these specifications, see vfstab(5) man page.
+ have not been added with the -t flag or are specified in the
+ /etc/vfstab file. For the syntax of these specifications, see
+ vfstab(5) man page.
ZFS volumes used as a swap device will always be encrypted regard-
less of the value of the encryption property for the ZFS volume.
@@ -109,6 +109,10 @@
allocated from this area and all swap blocks previously in use in
this swap area have been moved to other swap areas.
+ If the swap area was a ZFS volume that was not added with the -t
+ flag the kvol_swap ZFS property is set to off unless the -t flag
+ is given.
+
-h
@@ -209,6 +213,12 @@
description of --scale features.
+ -t
+
+ When adding or removing a ZFS swap volume do not set the kvol_swap
+ property so the change will not persist across reboot.
+
+
USAGE
A block device larger than 2 Gbytes can be fully utilized for swap up
to 2^63 -1 bytes.
@@ -259,4 +269,4 @@
-Oracle Solaris 11.4 23 August 2022 swap(8)
+Oracle Solaris 11.4 25 February 2023 swap(8)
diff -NurbBw 11.4.57/man8/sxadm.8 11.4.60/man8/sxadm.8
--- 11.4.57/man8/sxadm.8 2023-08-23 17:32:57.531618295 -0700
+++ 11.4.60/man8/sxadm.8 2023-08-23 17:33:26.372301930 -0700
@@ -185,12 +185,11 @@
IBPB - Indirect Branch Prediction Barrier
- IBPB is a mitigation for CVE-2017-5715 for Intel CPUs. It is used
- in the kernel to guarantee that older indirect branches cannot
- influence predictions of indirect branches in the future. It is
- enabled by default on systems where it is required and supported.
- When it is enabled some applications might experience lower perfor-
- mance.
+ IBPB is a mitigation for CVE-2017-5715 for x86 CPUs. It is used in
+ the kernel to guarantee that older indirect branches cannot influ-
+ ence predictions of indirect branches in the future. It is enabled
+ by default on systems where it is required and supported. When it
+ is enabled some applications might experience lower performance.
A reboot is required after enabling or disabling IBPB for the
changes to take effect.
@@ -198,7 +197,7 @@
IBRS - Indirect Branch Restricted Speculation
- IBRS is a mitigation for CVE-2017-5715 for Intel CPUs. It is called
+ IBRS is a mitigation for CVE-2017-5715 for x86 CPUs. It is called
on every entry into the kernel and restricts the speculation of
indirect branches. It is enabled by default on systems where it is
required and supported. When it is enabled some applications might
@@ -247,12 +246,12 @@
L1DF - Level 1 Data Cache Flush
L1DF is a mitigation for CVE-2018-3646 for Intel CPUs only. It
- flushes sensitive data from the L1D cache to prevent an untrusted
- guest virtual machine from inferring data from other guest virtual
- machines. This flush is performed every time the host system enters
- a virtual machine (VM entry). As part of this mitigation disabling
- hyper-threading (HT) while running virtual machines is strongly
- recommended.
+ flushes sensitive data from the L1 data cache to prevent an
+ untrusted guest virtual machine from inferring data from other
+ guest virtual machines. This flush is performed every time the host
+ system enters a virtual machine (VM entry). As part of this mitiga-
+ tion disabling hyper-threading (HT) while running virtual machines
+ is strongly recommended.
Note -
@@ -370,9 +369,9 @@
SMAP - Supervisor Mode Access Prevention
SMAP is mechanism to disallow supervisor mode execution of text
- mapped only in userland on Intel CPUs. It is enabled by default
- when it is supported by the hardware. Certain applications or driv-
- ers can fail when SMAP is enabled.
+ mapped only in userland on x86 CPUs. It is enabled by default when
+ it is supported by the hardware. Certain applications or drivers
+ can fail when SMAP is enabled.
A reboot is required after enabling or disabling SMAP for the
changes to take effect.
@@ -435,7 +434,7 @@
UMIP - User-Mode Instruction Prevention
- UMIP is a mechanism on Intel CPUs that restricts the execution of
+ UMIP is a mechanism on x86 CPUs that restricts the execution of
specific instructions if the CPU is running outside of its highest
privileged mode (e.g. running in user mode). This is a security
feature to prevent potential manipulation of system software data
@@ -881,5 +880,10 @@
11.4.18.
+ The security extensions IBPB, IBRS, SMAP and UMIP that were previously
+ only available for Intel CPUs are also available for supported AMD CPUs
+ as of Solaris 11.4.59.
-Oracle Solaris 11.4 7 Mar 2023 sxadm(8)
+
+
+Oracle Solaris 11.4 24 Apr 2023 sxadm(8)
diff -NurbBw 11.4.57/man8/sysadm.8 11.4.60/man8/sysadm.8
--- 11.4.57/man8/sysadm.8 2023-08-23 17:32:57.568621495 -0700
+++ 11.4.60/man8/sysadm.8 2023-08-23 17:33:26.407749048 -0700
@@ -6,11 +6,11 @@
sysadm - maintain host
SYNOPSIS
- sysadm maintain -s [ -m "message" ]
+ sysadm maintain -s [ -t software|admin ] [ -m message ]
sysadm maintain -l [-p] [-o field1,...]
- sysadm maintain -e
+ sysadm maintain -e [ -t software|admin ]
sysadm evacuate [-arnvqw]
@@ -25,18 +25,27 @@
profile can use the sysadm command.
- Starting a maintenance mode will log an audit record and prevent the
- subsequent attach, boot, or incoming migration of any zones into the
- system. This can be used to perform administration on a zones host and
+ Starting maintenance mode will log an audit record and put the system
+ in to a mode where either admin or software maintenance type is being
+ performed.
+
+
+ By default, or when admin type is specified, subsequent zone attach,
+ zone boot, or incoming migration of any zones into the system are pre-
+ vented. This can be used to perform administration on a zones host and
remove it from service.
+ If software maintenance is being performed. The creation of Automated
+ Service Requests (ASR) is prevented for software defects and alerts.
+
+
Maintenance state is held across host reboots and changes between dif-
ferent boot environments.
- To bring zones back into service, maintenance must be ended with the -e
- option.
+ To bring the system back into service, maintenance must be ended with
+ the -e option.
Optionally, the host may be evacuated by migrating all solaris-kz,
@@ -49,10 +58,33 @@
The following subcommands are supported:
- sysadm maintain -s [ -m "message" ]
+ sysadm maintain -s [ -t software|admin ] [ -m message ]
+
+
+ Starts maintenance.
+
+
+ Optionally, you can use the -m option to specify a free-form message
+ string.
+
+
+ Optionally, you can use the -t option to specify one of the following
+ maintenance types:
+
+ o admin disables zone migration to this host, and zone boot
+ and attach on the host. This is the default type, and invok-
+ ing sysadm maintain -s with no option will set the type to
+ admin.
+
+
+ o software disables the logging of ASRs for any FMA defect or
+ alert that is the result of a software problem.
+
+
+
+ Either, both or no software maintenance types can be active at any
+ time.
- Starts maintenance. An optional free-form message string may be
- given.
Starting maintenance clears any existing evacuation state.
@@ -69,8 +101,8 @@
or the special value all to display all fields.
- TYPE The type of maintenance. Currently, always the value
- admin.
+ TYPE The type of maintenance mode. Valid values are admin
+ (default), and software.
USER The user who sets the maintenance mode.
@@ -92,7 +124,7 @@
- sysadm maintain -e
+ sysadm maintain -e [ -t software|admin ]
Ends maintenance mode.
@@ -212,7 +244,18 @@
- Example 2 Evacuating a System to a Single Default Destination
+ Example 2 Starting Software Maintenance
+
+
+
+ # sysadm maintain -s -t software -m "modifying ntp configuration"
+ # sysadm maintain -l
+ TYPE USER DATE MESSAGE
+ software root 2023-02-28 11:11 modifying ntp configuration
+
+
+
+ Example 3 Evacuating a System to a Single Default Destination
@@ -241,7 +284,7 @@
- Example 3 Clearing Maintenance State and Returning an Evacuation
+ Example 4 Clearing Maintenance State and Returning an Evacuation
@@ -262,7 +305,7 @@
- Example 4 Getting the detailed evacuation progress messages.
+ Example 5 Getting the detailed evacuation progress messages.
@@ -345,4 +388,4 @@
-Oracle Solaris 11.4 8 Oct 2021 sysadm(8)
+Oracle Solaris 11.4 29 Mar 2023 sysadm(8)
diff -NurbBw 11.4.57/man8/useradd.8 11.4.60/man8/useradd.8
--- 11.4.57/man8/useradd.8 2023-08-23 17:32:57.615067036 -0700
+++ 11.4.60/man8/useradd.8 2023-08-23 17:33:26.447157263 -0700
@@ -186,7 +186,7 @@
+-----------------------------+-----------------------------+
| FIELD | DEFAULT VALUE |
+-----------------------------+-----------------------------+
- |group |other (GID of 1) |
+ |group |staff (GID of 10) |
+-----------------------------+-----------------------------+
|base_dir |/export/home |
+-----------------------------+-----------------------------+
@@ -812,4 +812,4 @@
-Oracle Solaris 11.4 21 Jun 2021 useradd(8)
+Oracle Solaris 11.4 14 Apr 2023 useradd(8)
diff -NurbBw 11.4.57/man8/usermod.8 11.4.60/man8/usermod.8
--- 11.4.57/man8/usermod.8 2023-08-23 17:32:57.658588604 -0700
+++ 11.4.60/man8/usermod.8 2023-08-23 17:33:26.485960885 -0700
@@ -186,7 +186,7 @@
+-----------------------------+-----------------------------+
| FIELD | DEFAULT VALUE |
+-----------------------------+-----------------------------+
- |group |other (GID of 1) |
+ |group |staff (GID of 10) |
+-----------------------------+-----------------------------+
|base_dir |/export/home |
+-----------------------------+-----------------------------+
@@ -812,4 +812,4 @@
-Oracle Solaris 11.4 21 Jun 2021 useradd(8)
+Oracle Solaris 11.4 14 Apr 2023 useradd(8)
diff -NurbBw 11.4.57/man8/vntsd.8 11.4.60/man8/vntsd.8
--- 11.4.57/man8/vntsd.8 2023-08-23 17:32:57.693927828 -0700
+++ 11.4.60/man8/vntsd.8 2023-08-23 17:33:26.519382327 -0700
@@ -198,6 +198,8 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
|Availability |system/ldoms |
+-----------------------------+-----------------------------+
|Interface Stability |Committed |
@@ -332,4 +331,4 @@
-Oracle Solaris 11.4 24 Sept 2021 vntsd(8)
+Oracle Solaris 11.4 14 Jun 2023 vntsd(8)
diff -NurbBw 11.4.57/man8/zoneadm.8 11.4.60/man8/zoneadm.8
--- 11.4.57/man8/zoneadm.8 2023-08-23 17:32:57.758206612 -0700
+++ 11.4.60/man8/zoneadm.8 2023-08-23 17:33:26.579985615 -0700
@@ -1150,7 +1150,7 @@
- zoneadm move [-p URI ... -p URI] [-x extended-options] new-zonepath
+ zoneadm move [-p URI ... -p URI] [-x extended-options] [new-zonepath]
Move the zone installation to a new location in the local file sys-
tem or a new ZFS storage pool and/or change current zonepath to
@@ -1166,13 +1166,17 @@
storage URI(s) or out of its containing ZFS storage pool into the
local file system.
+ A zone installation configured with a rootzpool resource may be
+ moved to a local file system with the -x remove-rootzpool option.
+ If the new-zonepath is not specified, the zone is moved to the
+ default location, otherwise it must be a valid pathname and the
+ usual restrictions for the zonepath property apply.
+
The move subcommand may also be used to change just the zonepath
property to new-zonepath without otherwise changing the zone
installation itself.
- The zone must be halted before this subcommand can be used. The
- new-zonepath must be a valid pathname and usual restrictions for
- the zonepath property apply.
+ The zone must be halted before this subcommand can be used.
The following options are supported:
@@ -1940,4 +1944,4 @@
-Oracle Solaris 11.4 19 Jan 2023 zoneadm(8)
+Oracle Solaris 11.4 28 Mar 2023 zoneadm(8)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment