SUMMARY: Problems with passwd under Solaris 2.3

From: 0000-Admin0000 (root@infcip42.uni-trier.de)
Date: Thu Jul 14 1994 - 09:18:55 CDT


----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 66

Dear Sun Managers,

with a great feeling of relief I do return the summary of answers I received
until now (07/15/94 3 pm).
Thanks to all who posted me.

The original question was:

> we've just installed two test-machines (Classic+) as Server and diskless Client,
> both running Solraris 2.3, with NIS+ and almost everything works quite all right.
> The only exeptions are
>
> 1. Users can't change their password although we made a link from
> nispasswd to passwd. Further we tried with the hints from the
> Installation manual, keylogin, using nispasswd, chkey. No solution,
> Anytime a user tries to passwd he will be asked for the old password,
> the new password and then the NIS+ Service replies
> "NIS+ password information changed for greiml
> nispasswd: couldn't change password for greiml
> Reason: failed to update the cred table with reencrypted credentials
> Please notify your System Administrator."
> As we are the System Adminitrators and do not know how to handle this
> Problem, we are in a really dump situation.
> Is there anyone out there with help for us?
>
> 2. Every time the one of the machines is rebooted it complains about
> unknown services rquotad/rpc/udp
> rquotad/rpc/ticlts
> rusersd/rpc/udp
> rusersd/rpc/ticlts
> sprayd/rpc/udp
> sprayd/rcp/ticlts
> walld/rpc/udp
> walld/rpc/ticlts
> rstatd/rpc/udp
> rstatd/rpc/ticlts
> How can we get rid of these anoying messages?

1. The Problem was, as most of You told me a Problem of the right credentials.
   Clients weren't handed the right credentials by Admitool.
   It happened because of the missing of Patches 101329 and 101384, which I
   installed right afterwards.
   The problem was, that Admintool did not create the right entries in the cred
   table, which usually does not affect root (living in /etc/passwd even on the
   clients).
   Christian Masopust and Steve Kilbane send a tool to restore wrong credentials
   which will we an addendum to this Summary.
         Thanks again.

2. I simply didn't know of the necessaty to update even the rpc table.
   After 'nisaddent -v -f /etc/rpc rpc' everything was o.k.

Answers from: bartole@crpcu.lu (Emile Bartole)
              gusset@info.ntb.ch (Thomas Gusset)
              Todd Gudgel <centaur@plutonium.sem.Arizona.EDU>
              steve@cegelecproj.co.uk (Steve_Kilbane)
              Neil W Rickert <rickert@cs.niu.edu>
              ratinox@unilab.dfci.harvard.edu (Richard Pieri)
              danny@ews7.dseg.ti.com (Danny Johnson)
              Christian.Masopust@emndev.siemens.co.at
          

Alexander
----------
X-Sun-Data-Type: shell-script
X-Sun-Data-Name: set_cred_rights
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 15

#!/bin/sh
#
# change the user's credential ownership to him
# from harper@suny.stat.vt.edu (Scott Harper)
# 3374CB / 15.3.94
#
#
niscat cred.org_dir | \
awk -F: '{print $1}' - | \
sh -c 'while read name; do nischown $name [cname=$name],cred.org_dir; done'

--
  Christian Masopust                               |    _    |
  Siemens AG Austria                              _|___/v\___|_ 
  Christian.Masopust@emndev.siemens.co.at    -====(~)=(.*.)=(~)====-
  Phone/Fax: +43-1-2501-4516 / 4485                    `-'           
----------
X-Sun-Data-Type: default-app
X-Sun-Data-Description: default
X-Sun-Data-Name: credential-fix.ksh
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 60

#!/bin/ksh #From Ian.Herd%sun-microsystems.co.uk@gec-epl.co.uk Mon Jan 31 17:40 GMT 1994 #Date: Mon, 31 Jan 1994 17:31:39 +0000 #From: Ian.Herd%sun-microsystems.co.uk@gec-epl.co.uk (Ian Herd - Sun UK - Answer Centre) #To: ian.herd@sun-microsystems.co.uk, steve_kilbane@gec-epl.co.uk #Subject: credential fix script

# ****************************************************** # * * # * DISCLAIMER * # * * # ****************************************************** # # # The contents of this file are intended to be read as # an example. This is not a supported product of Sun # Microsystems and no hotline calls will be accepted # which directly relate to this information. # # NO LIABILITY WILL BE ACCEPTED BY SUN MICROSYSTEMS FOR # ANY LOSS (DIRECT OR CONSEQUENTIAL) INCURRED IN ANY WAY # BY ANY PARTY THROUGH THE USE OF THIS INFORMATION. # # NO WARRANTY OF ANY SORT IS IMPLIED OR GIVEN FOR ANY # CODE DERIVED FROM THIS INFORMATION. # # #

DOMAINNAME=$(nisdefaults -d) fix_cred() { IFS=": $IFS"

while read cname auth_type auth_name public_data private_data do if is_owner $cname then : else nischown $cname [cname=$cname,auth_type=DES]cred.org_dir.$DOMAINNAME fi done }

is_owner() { owner=$(nismatch -o cname=$1 auth_type=DES cred.org_dir.$DOMAINNAME |\ awk '{ if ( $1 == "Owner" ) { print $3 }}' ) if [ "$1" = "${owner}" ] then return 0 fi return 1 }

nismatch auth_type=DES cred.org_dir.${DOMAINNAME} | fix_cred

exit



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:05 CDT