Among varous other items, I'm trying to find out what "Authentication Management Infrastructure" (package SUNWamix) does, and why would a sysadmin disable it? The reason given is 'for security purposes' without explanation ... how and why is AMI such a 'security risk' that it has to be turned off? I searched docs.sun.com but found no detailed info there.
For background sake, I'm an ex-sysadmin, now just a 'user', and sysadmins at my company have been changing configs (turning various stuff off in inetd.conf) on the systems I use without explanation ... they break functionality of tools I use .
One of the normal things to do is turn off services in inetd.conf if you aren't using them. See Security Focus .
If what the system administrators are turning off effects you, talk to them - see if the service can be turned back on or not. Sometimes, it may have been a requirement by the Security group (or because of a failed audit).
Thanks for the link to SF ... I'm aware that it is now common practice to turn off "unused" or "unnecessary" services in inetd for security purposes ... what I'm not aware of is any actual usefulness to this practice.
[SOAPBOX]As I like to tell anybody who listens, there is a difference between 'risk' and 'threat' and any so-called security professional that can't explain that difference in plain english is incompetent. I still don't know what the Authentication Management Infrastructure on Solaris actually does, so I'm in absolutely no position to weigh in on its potential risk in the environment. But nobody in our sysadmin dept. has been able to explain it to me either ... so why would a supposedly professional sysadmin turn stuff off if they don't know what it does? If this behavior is the result of a "security audit", why wouldn't the sysadmins require an explanation from the auditor before blindly flipping bits in the system configs?
Serously tho ... I'm no fan of IT security folk ... in the corporate world in which I live, breathe and work, they tend to be obstrunctionist and counter-productive ... they refuse to validate their actual utility to the company while doing much of their work in secret (they can't tell me 'why' they do anything because of security, get it?), meanwhile my productivity goes down because of the worthless hurdles they throw in my path. Cost to the company goes up, my ROI goes down. And I think that it is safe to say that the company is not any better off by the disablement of AMI on this server.[\SOAPBOX]
Back to the main thrust of my OP ... could somebody indicate WHERE can I find explanations of these services & packages? All I know is that overnight a dozen or so services in inetd.conf were commented out and the next day one of my tools was broken. I would really prefer to find out which service is the needed one without having to go through the brute-force 'turn them on one at a time' method of experimentation.
Apart from bugs (bof) misconfiguration and the like which could lead to remote full access,
sending many request to those unused services 'may' bring down to its knees your costly sun server
.