Patch Name: PHSS_9627 Patch Description: s700_800 10.20 CDE Dtlogin and Dtsession Point Patch Creation Date: 96/12/20 Post Date: 96/12/30 Repost: 97/01/09 The patch depot was repackaged with a prerequisite attribute on patch PHSS_8667. The prerequisite will require that PHSS_8667 be installed prior to this patch. Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: N/A Filesets: CDE.CDE-RUN Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHSS_9627 Symptoms: PHSS_9627: 1) It is possible to bypass proper authentication 2) Screen lock with integrated login fails at 10.20 on second unlock 3) CDE Screen Lock problem with PAM Defect Description: PHSS_9627: 1) It is possible to bypass proper authentication 2) Screen lock with integrated login fails at 10.20 on second unlock 3) CDE Screen Lock problem with PAM SR: 5003342196 4701338103 5003341420 Patch Files: /usr/dt/bin/dtlogin /usr/dt/bin/dtsession what(1) Output: /usr/dt/bin/dtlogin: X Window System, Version 11 R6+ HP-UX B.10.20.00 Nov 1996 E Point Patch Release (build date: Thu Dec 19 08:12:37 PST 1996) dtlogin: $Revision: 1.16 $ /usr/dt/bin/dtsession: X Window System, Version 11 R6+ HP-UX B.10.20.00 Nov 1996 E Point Patch Release (build date: Thu Dec 19 18:45:41 PST 1996) dtsession: $Revision: 2.0 $ cksum(1) Output: 1703054665 172032 /usr/dt/bin/dtlogin 2368388258 172032 /usr/dt/bin/dtsession Patch Conflicts: None Patch Dependencies: s700: 10.20: PHSS_8667 s800: 10.20: PHSS_8667 Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 390 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_9627 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_9627.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_9627.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_9627. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_9627.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_9627.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Please note: The CDE environment must not be running when this patch is installed. If it is, you will receive warnings that text files are busy. SD will move these aside and place the new files in the appropriate location, but it is recomended that CDE first be shutdown prior to patch instalation.