From owner-freebsd-hackers Mon Jul 8 08:37:58 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA12471 for hackers-outgoing; Mon, 8 Jul 1996 08:37:58 -0700 (PDT) Received: from tellab5.lisle.tellabs.com (tellab5.lisle.tellabs.com [138.111.243.28]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA12458; Mon, 8 Jul 1996 08:37:50 -0700 (PDT) From: mikebo@tellabs.com Received: from sunc210.tellabs.com by tellab5.lisle.tellabs.com with smtp (Smail3.1.29.1 #4) id m0udINC-0004g0C; Mon, 8 Jul 96 10:37 CDT Received: by sunc210.tellabs.com (SMI-8.6/1.9) id KAA20487; Mon, 8 Jul 1996 10:36:42 -0500 Message-Id: <199607081536.KAA20487@sunc210.tellabs.com> Subject: Re: 2.1-960627-SNAP: YP problem To: wpaul@skynet.ctr.columbia.edu (Bill Paul) Date: Mon, 8 Jul 1996 10:36:41 -0500 (CDT) Cc: bugs@freebsd.org, hackers@freebsd.org, mikebo (Mike Borowiec) In-Reply-To: <199607040125.VAA03325@skynet.ctr.columbia.edu> from "Bill Paul" at Jul 3, 96 09:25:22 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Bill wrote: > Of all the gin joints in all the world, mikebo@tellabs.com had to walk > into mine and say: > > > > I believe a bug has been introduced into the 2.1-960627-SNAP YP code. > > As it turns out, netgroups have nothing to do with this problem. It is > > a problem with any YP password entries from my Sun server... I've added > > +::::::::: when editing the password file (with vipw), but NONE of the > > users in the NIS password map can login. > I've also tried the string "+:::::0:0:::" as suggested by Mike Murphy, but still no difference. > See if you can do 'id ' and have it recognise the > user in the NIS passwd map. If this works, then it is reading the > passwd map correctly. > Check this out: toybox> id mikebo id: mikebo: No such user toybox> ypmatch mikebo passwd mikebo:iXmhD1ZBZJbLI:1874:10:Mike Borowiec,D122,8211,:/home/sunc210/mikebo:/bin/ksh As suggested, I built and installed the following test program: #include #include #include main(argc, argv) int argc; char *argv[]; { struct passwd *pw; char *p, *ep, *salt; pw = getpwnam(argv[1]); salt = pw->pw_passwd; printf("Username is: [%s]\n", pw->pw_name); printf("UID is: [%lu]\n", pw->pw_uid); printf("Password is : [%s]\n", pw->pw_passwd); p = (char*)getpass((const char*)"Password:"); ep = (char*)crypt((const char*)p, (const char*)salt); printf("EPassword is: [%s]\n", ep); exit(0); } > 4) Run the program like this: > > $ pwtest nisuser > > where 'nisuser' is the username of a user that appears in the NIS > passwd maps. > Here's the output: toybox> ./pwtest mikebo Username is: [mikebo] UID is: [1874] Password is : [iXmhD1ZBZJbLI] Password: EPassword is: [iXmhD1ZBZJbLI] Looks good to me, but I still can't login: sunc210> telnet toybox Trying 138.111.12.69... Connected to toybox. Escape character is '^]'. FreeBSD (toybox.hq.tellabs.com) (ttyp1) login: mikebo Password: Login incorrect > (Try it with the +@myuser:::::::: entry too, just for kicks.) > Did that... no difference. > If the output looks exactly correct, then expand the program to > include a call to crypt(3) and compare the results with the encrypted > password show in the pw_passwd field. > Did that... Looks like NIS is working fine, and some programs/libraries are simply ignoring the fact that there are valid YP tokens in the passwd files. The DES package was installed at the same time as the install, and all appeared to complete flawlessly. The login program: toybox> ls -l /usr/bin/login -r-sr-xr-x 1 root bin 20480 Jun 28 03:59 /usr/bin/login toybox> cksum /usr/bin/login 957853657 20480 /usr/bin/login I appreciate all the help. What next? - Mike -- -------------------------------------------------------------------------- Michael Borowiec - mikebo@tellabs.com - Tellabs Operations Inc. Senior Member of Technical Staff 4951 Indiana Avenue, MS 63 708-512-8211 FAX: 708-512-7099 Lisle, IL 60532 USA --------------------------------------------------------------------------