Remote, Secure Zone Console Login
By user12618941 on Jan 26, 2005
Fortunately, we can handle this in a nice way already. (Disclaimer: Please note that as stated by the script, the following techniques have not been subject to a rigorous security audit. I believe this technique to be sound, but neither I nor Sun warrant it to be so.)
To start, we'll
add a user account to /etc/passwd for each zone we want to set up this way:
# passwd z1
New Password: xxxyyy
Re-enter new Password: xxxyyy
passwd: password successfully changed for z1
Finally, we need to give the z1 account the ability to run zlogin; we do that by modifying
the RBAC attributes for the z1 user.
So, here's what it looks like:
Last login: Tue Jan 25 13:54:01 2005 from xxx
warning: using experimental, unsupported 'zoneshell'
[Connected to zone 'xanadu-z1' console]
I'd appreciate any feedback on whether this is helpful, or not!
To reiterate: this code is experimental, and has not been audited for its security characteristics. Use of this script is AT YOUR OWN RISK. Please use this as an example, from which you could derive your own implementation.