I’ve been away from Solaris for 5 months, but I need some VMs for NFSv4 testing, which means beating my head against modernization such as RBAC, pfexec, and NWAM.
I prefer to treat my lab Unix machines as inter-changable boxes and do all of my configuration up front. I want to be able to do an SSH root login, especially if the system goes out of the way to make that hard.
There are currently 3 things you have to do to violate this security truism on either OpenSolaris or Solaris 11:
1) Modify PermitRootLogin to yes in /etc/ssh/sshd_config.
2) Comment out the “CONSOLE=/dev/console” line in /etc/default/login.
3) Remove “;type=role” from the root entry in /etc/user_attr.
