1. Bizarre NIS+ problem - nisdefaults thinks I am NIS+ master principal
Maybe I shouldn't have experimented.... :(

I was looking at NIS+ security issues, and wanted to check some things
out. I am a member of the admin NIS+ group, and I used nistbladm to
change my uid in the passwd table to 0 - which worked. Nisdefaults
says my principal name is the same as the root master server
(master.domain.com rather than user.domain.com). But permissions
loopholes aside, after I finished my experiment, I changed my uid back
to what it was, and did a nisping -Cf to propagate the change. Now
the fun starts.

I log in again, and notice that nisdefaults says I am still the same
principal as master.domain.com. Hmmmm, this is not right. So I
rebooted the master. Log in after reboot, nisdefaults says the same
thing. So I logged in as root, removed myself from the admin group,
and used nistbladm and nisaddcred to completely remove myself from the
passwd and cred table, and also remove the entry in the group table
that makes me a member of group 0. Nisping -Cf to force the update.

Now I created my account all over again, with nistbladm on the passwd
table, then nisaddcred for DES and LOCAL credentials, and finally
nispasswd to add my password. Nisping -Cf to propagate the changes,
and log in as myself. Nisdefaults STILL says my principal name is the
same as the master.domain.com!

SO - let's see if I screwed something up. I removed my account again
with nistbladm/nisaddcred, and then created a new account with an
extra letter - instead of "mikebat" I created "mikebatt" (two "t's").
I also created it with a different uid than before, changed the
ownership on my home directory, and logged in. Same problem - I am
the same principal as the master.domain.com.

OK, well perhaps nistbladm/nisaddcred are doing something funky here.
Let's try nisaddent. I dumped the shadow, passwd, netid and publickey
tables, edited them to leave only my own account in them, removed my
account from the active tables, and then used nisaddent to add them
back from the files I just dumped and edited. Same problem.

So I created a completely new account with the name "testuser",
different uid, different home directory. Used nisaddcred and
nispasswd to finish the setup, and logged in as "testuser".
Nisdefaults says I am testuser.domain.com, just as it should. Hmmmm,
well that's what's supposed to happen.

So now I delete the "mikebatt" account again, and then use nistbladm
to rename the testuser account to mikebat, and also to change the uid,
gcos, home, etc to correspond to me. I also make the same changes in
the cred table using nistbladm. Nisping -Cf to propagate, log in as
myself, and - you guessed it - nisdefaults says I am the same
principal name as the master.domain.com.

Mike Batchelor, Staff Engineer
NAI Technologies, Inc., Columbia, Maryland
My opinions are my own, I do not speak for NAI.