Re: SUMMARY: Trouble with C2 security / shadow passwd

From: David Stewart (das@edee.edinburgh.ac.uk)
Date: Tue Jan 15 1991 - 03:20:26 CST


Cc: dvorak@ch.unibe.iam

>> - hal stern <stern@East.Sun.com> indicated that the problem may be caused
>> by the fact that a 4.0.3 NIS master is serving 4.1.1 slaves and clients:
>> > if you're mixing 4.1 and 4.0.3 NIS masters, that's probably your
>> > problem. the 4.1 clients are trying to read 4.1-style NIS files,
>> > and will fail until they rebind to the 4.1 server. your NIS master
>> > server should be a 4.1 machine
 
>> I didn't try this one, but we plan to upgrade our master server
>> in a month or two. Looks as if it will be ok then.

There is a bug with the C2 security under
4.1 (and I understand 4.1.1) that doesn't let anyone change their passwords.
There are two problems:-
1/rpc.yppasswdd dumps core
2/ ignores its second arguement

THe Sun patches to fix the first problem have as yet not fixed the problem
(I have various calls logged with the UK hotline about this).

I was running a mixed environment with my YP master running 4.0.3 succesfully
but I wanted to move everything to 4.1. To get round the problem I used
a fix which appeared on Sun-Managers which I have altered slightly. It does
as a stop gap but a correct fix is still needed from Sun.
I will happily supply more info if needed.

The second problem is easily fixed by adding another flag to the
/usr/etc/rpc.yppasswdd line in /etc/rc.local e.g.

/usr/etc/rpc.yppasswdd /var/yp/passwd -nosingle -m passwd DIR=/var/yp

This second problem applies to "NORMAL" operation as well as "C2" operation.

- David Stewart -
Computing Officer
Electrical Engineering
Edinburgh University
D.A.Stewart@ee.ed.ac.uk



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:09 CDT