12 February,18 at 12:18 PM
Applies to: All version of Centrify DirectAudit
Problem:
On Solaris 11.x or above, there is a shell called pfbash located in /bin, if users set this shell as their default shell, they will fall into emergency shell during login as this shell is not listed in /etc/shells.
Cause:
Solaris does not have /etc/shells by default and it is generated by Centrify.
Centrify Direct Audit calls the OS function getusershell() if it exists. In most cases, it just returns the entries in /etc/shells.
However, note the following special implementation of getusershell() in Solaris:
If /etc/shells does not exist, the following locations of the standard system shells are used in its place:
/bin/bash /bin/csh /bin/jsh /bin/ksh /bin/pfcsh /bin/pfksh /bin/pfsh /bin/sh /bin/tcsh /bin/zsh /sbin/jsh /sbin/pfsh /sbin/sh /usr/bin/bash /usr/bin/csh /usr/bin/jsh /usr/bin/ksh /usr/bin/pfcsh /usr/bin/pfksh /usr/bin/pfsh /usr/bin/sh /usr/bin/tcsh /usr/bin/zsh /usr/sfw/bin/zsh /usr/xpg4/bin/sh
Centrify DirectAudit checks if the file returned from the function exists or not, pfbash is NOT in this list and therefore, /etc/shell will not include this shell for auditing.
Workaround: