Root changing user's NIS+ password, RPC key not updated too

Root changing user's NIS+ password, RPC key not updated too

Post by Mike Batchel » Wed, 03 Jul 1996 04:00:00

OK, what have I done wrong?

I recently set up NIS+, and have already had the occasion to change a user's
password for them.  According to the man pages, the NIS+ FAQ, and _All About
Administering NIS+_, root can change a user's login password and Secure RPC
passwd simply by invoking nispasswd (now just passwd on Solaris 2.5).  But
when I have done this, I get a message from passwd telling me that the
SecurRPC password was not changed, and the user needs to run chkey -p on
their next login.  Of course, I can change their Secure RPC password, too,
with nisaddcred, but this isn't how it supposed to work.  What might have
gone wrong?


 Capitol.Net %%%%%%%%%%% 301-306-9090 % V.34/ISDN %%%%%%%%%%%    of
     + + +   %% Serving Washington DC, No.VA, and Maryland %%   Criticom, Inc.


Root changing user's NIS+ password, RPC key not updated too

Post by Fi » Wed, 03 Jul 1996 04:00:00

And if you can answer that one - then how about this one:

When new users run nispasswd, they get the message info update failed.
If root runs it for them, you'll get back the customary message about
having to keyloging explicitly upon next login. - However, when a user
tries to run chkey -p after keylogin, sometimes (not consistantly!)
they will receive a message saying "Principal does not have sufficient

But why?

Fil Krohnengold         |"Mother I don't like this doll, she tells too


1. NIS+ user management [Was: Re: root changing a user's password (NIS)]

And Solaris 2 removed `passwd -f <filename>'; the "-f" option now
means "force password change at next login".

                                  .  What other ways are there that are safer?

Good question.  I haven't used Solaris 2 at a large site long enough
for it to be much of an issue.  When necessary, I've just done as you
and edited the file by hand (using Emacs, which when saving at least
gives warning if the file's been changed).  Several years ago at Sun,
I recall there being a `viyp' utility for editing NIS files.  Maybe
they made it publically available.  I think it's harder to enforce
such a utility's use than it is to write one. ;-)

On a related note -- what is the recommended/approved/best way to add
new users and remove ex-users to/from NIS+ ??  One would hope `useradd'
could do it -- nope.  The NIS+ utilities `nis{addent,populate}' are
tailored towards adding to NIS+ tables from ASCII files or NIS maps
rather than dealing with a single "user" entry.  And using plain
`nistbladm' and `nisaddcred' options is crude and error-prone.

I've searched to no avail for some "cookbook" method of handling NIS+
user management.  My old NIS+ book was useless for that issue.  Maybe
I just have a blind spot.  Any suggestions would be appreciated...


Scott J. Kramer                         Graham Technology Solutions
Sr. UNIX Systems Administrator          20823 Stevens Creek Blvd., Suite 300                 +1.408.366.8001

2. CU didn't stop error message

3. root changing a user's password (NIS)

4. what's meaning of "(void)param2" in c code?

5. User password change by root using NIS

6. Remote Printer problem

7. Can root change NIS password of any user ?

8. Q : syslogd message after ppp connect?

9. Can't set root password- Password busy error -is not due to temp password file

10. NIS+ problem, users can't change their own password!

11. changing NIS+ root master root password

12. NIS password not updating right away on NIS client running CentOS

13. password change for user from root doesn't work.