Date: Mon, 8 Jul 1996 10:36:41 -0500 (CDT) From: mikebo@tellabs.com To: wpaul@skynet.ctr.columbia.edu (Bill Paul) Cc: bugs@freebsd.org, hackers@freebsd.org, mikebo (Mike Borowiec) Subject: Re: 2.1-960627-SNAP: YP problem Message-ID: <199607081536.KAA20487@sunc210.tellabs.com> In-Reply-To: <199607040125.VAA03325@skynet.ctr.columbia.edu> from "Bill Paul" at Jul 3, 96 09:25:22 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Bill wrote:
> Of all the gin joints in all the world, mikebo@tellabs.com had to walk
> into mine and say:
>
> > > I believe a bug has been introduced into the 2.1-960627-SNAP YP code.
> > As it turns out, netgroups have nothing to do with this problem. It is
> > a problem with any YP password entries from my Sun server... I've added
> > +::::::::: when editing the password file (with vipw), but NONE of the
> > users in the NIS password map can login.
>
I've also tried the string "+:::::0:0:::" as suggested by Mike Murphy,
but still no difference.
> See if you can do 'id <some NIS user>' and have it recognise the
> user in the NIS passwd map. If this works, then it is reading the
> passwd map correctly.
>
Check this out:
toybox> id mikebo
id: mikebo: No such user
toybox> ypmatch mikebo passwd
mikebo:iXmhD1ZBZJbLI:1874:10:Mike Borowiec,D122,8211,:/home/sunc210/mikebo:/bin/ksh
As suggested, I built and installed the following test program:
#include <stdio.h>
#include <pwd.h>
#include <des.h>
main(argc, argv)
int argc;
char *argv[];
{
struct passwd *pw;
char *p, *ep, *salt;
pw = getpwnam(argv[1]);
salt = pw->pw_passwd;
printf("Username is: [%s]\n", pw->pw_name);
printf("UID is: [%lu]\n", pw->pw_uid);
printf("Password is : [%s]\n", pw->pw_passwd);
p = (char*)getpass((const char*)"Password:");
ep = (char*)crypt((const char*)p, (const char*)salt);
printf("EPassword is: [%s]\n", ep);
exit(0);
}
> 4) Run the program like this:
>
> $ pwtest nisuser
>
> where 'nisuser' is the username of a user that appears in the NIS
> passwd maps.
>
Here's the output:
toybox> ./pwtest mikebo
Username is: [mikebo]
UID is: [1874]
Password is : [iXmhD1ZBZJbLI]
Password:
EPassword is: [iXmhD1ZBZJbLI]
Looks good to me, but I still can't login:
sunc210> telnet toybox
Trying 138.111.12.69...
Connected to toybox.
Escape character is '^]'.
FreeBSD (toybox.hq.tellabs.com) (ttyp1)
login: mikebo
Password:
Login incorrect
> (Try it with the +@myuser:::::::: entry too, just for kicks.)
>
Did that... no difference.
> If the output looks exactly correct, then expand the program to
> include a call to crypt(3) and compare the results with the encrypted
> password show in the pw_passwd field.
>
Did that...
Looks like NIS is working fine, and some programs/libraries are simply
ignoring the fact that there are valid YP tokens in the passwd files.
The DES package was installed at the same time as the install, and all
appeared to complete flawlessly. The login program:
toybox> ls -l /usr/bin/login
-r-sr-xr-x 1 root bin 20480 Jun 28 03:59 /usr/bin/login
toybox> cksum /usr/bin/login
957853657 20480 /usr/bin/login
I appreciate all the help. What next?
- Mike
--
--------------------------------------------------------------------------
Michael Borowiec - mikebo@tellabs.com - Tellabs Operations Inc.
Senior Member of Technical Staff 4951 Indiana Avenue, MS 63
708-512-8211 FAX: 708-512-7099 Lisle, IL 60532 USA
--------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607081536.KAA20487>