NIS+ and passwd/nispasswd commands

NIS+ and passwd/nispasswd commands

Post by Mike Batchel » Fri, 20 Sep 1996 04:00:00



Well gee golly.  I am a bit confused.

The passwd/nispasswd commands do not seem to work as documented, or I
do not understand.

When using passwd (or passwd -r nisplus) to change a user's password,
I am prompted for a login(NIS+) password first, before I am prompted
for the new password.  It seems that I may use either the user's
password or root's password, or my own password if I have modify
rights on the password field in the passwd table (IOW, if I am in the
admin NIS+ group).

Nispasswd, however, does not ask for a password first, but goes right
on into prompting for the new password.

And what's up with this:

$ passwd -r nisplus -e
Enter login(NIS+) password:
Old shell: /usr/local/bin/bash
New shell: /usr/bin/ksh
        NIS+ password information changed for mikebat
        NIS+ credential information changed for mikebat
$

What!?  I didn't change my password or my credentials!

Can somebody help me understand what's going on?

 
 
 

NIS+ and passwd/nispasswd commands

Post by Toomas Soo » Sun, 22 Sep 1996 04:00:00


: Well gee golly.  I am a bit confused.

: The passwd/nispasswd commands do not seem to work as documented, or I
: do not understand.

: When using passwd (or passwd -r nisplus) to change a user's password,
: I am prompted for a login(NIS+) password first, before I am prompted
: for the new password.  It seems that I may use either the user's
: password or root's password, or my own password if I have modify
: rights on the password field in the passwd table (IOW, if I am in the
: admin NIS+ group).

: Nispasswd, however, does not ask for a password first, but goes right
: on into prompting for the new password.

main difference is, that passwd -r nisplus uses rpc.nispasswdd daemons
interface, thus enabling failed attempts counting. it also makes 'keylogin'
in login time password change.

but - it, and in fact also newkey, chkey, do not work, if You use multiple
passwd tables and cred tables in table search path - in this case these
programs try to work as information comes from default passwd|cred table
and so they fail... Yes You can use -D switch for passwd, but how about
login passwd change prompt in login time and newkey and chkey ....

nispasswd changes password and cred information directly and is backward
compatible with older Solaris releases (whitch do not have rpc.nispasswdd
daemon ).

: And what's up with this:

: $ passwd -r nisplus -e
: Enter login(NIS+) password:
: Old shell: /usr/local/bin/bash
: New shell: /usr/bin/ksh
:         NIS+ password information changed for mikebat
:         NIS+ credential information changed for mikebat
: $

: What!?  I didn't change my password or my credentials!

first line it ok - you changed shell and this is information holded in
password table. Second one is *....

--
toomas
--
 Redistribution by Microsoft Network is prohibited.
 PGP public key: http://www.veryComputer.com/~tsoome/pgp.txt

 
 
 

NIS+ and passwd/nispasswd commands

Post by Toomas Soo » Sun, 22 Sep 1996 04:00:00


Reposting article removed by rogue canceller.

: Well gee golly.  I am a bit confused.

: The passwd/nispasswd commands do not seem to work as documented, or I
: do not understand.

: When using passwd (or passwd -r nisplus) to change a user's password,
: I am prompted for a login(NIS+) password first, before I am prompted
: for the new password.  It seems that I may use either the user's
: password or root's password, or my own password if I have modify
: rights on the password field in the passwd table (IOW, if I am in the
: admin NIS+ group).

: Nispasswd, however, does not ask for a password first, but goes right
: on into prompting for the new password.

main difference is, that passwd -r nisplus uses rpc.nispasswdd daemons
interface, thus enabling failed attempts counting. it also makes 'keylogin'
in login time password change.

but - it, and in fact also newkey, chkey, do not work, if You use multiple
passwd tables and cred tables in table search path - in this case these
programs try to work as information comes from default passwd|cred table
and so they fail... Yes You can use -D switch for passwd, but how about
login passwd change prompt in login time and newkey and chkey ....

nispasswd changes password and cred information directly and is backward
compatible with older Solaris releases (whitch do not have rpc.nispasswdd
daemon ).

: And what's up with this:

: $ passwd -r nisplus -e
: Enter login(NIS+) password:
: Old shell: /usr/local/bin/bash
: New shell: /usr/bin/ksh
:         NIS+ password information changed for mikebat
:         NIS+ credential information changed for mikebat
: $

: What!?  I didn't change my password or my credentials!

first line it ok - you changed shell and this is information holded in
password table. Second one is *....

--
toomas
--
 Redistribution by Microsoft Network is prohibited.
 PGP public key: http://www.veryComputer.com/~tsoome/pgp.txt

 
 
 

NIS+ and passwd/nispasswd commands

Post by Mike Batchel » Wed, 25 Sep 1996 04:00:00



>Reposting article removed by rogue canceller.

>: When using passwd (or passwd -r nisplus) to change a user's password,
>: I am prompted for a login(NIS+) password first, before I am prompted
>: for the new password.  It seems that I may use either the user's
>: password or root's password, or my own password if I have modify
>: rights on the password field in the passwd table (IOW, if I am in the
>: admin NIS+ group).
>: Nispasswd, however, does not ask for a password first, but goes right
>: on into prompting for the new password.
>main difference is, that passwd -r nisplus uses rpc.nispasswdd daemons
>interface, thus enabling failed attempts counting. it also makes 'keylogin'
>in login time password change.
>but - it, and in fact also newkey, chkey, do not work, if You use multiple
>passwd tables and cred tables in table search path - in this case these
>programs try to work as information comes from default passwd|cred table
>and so they fail... Yes You can use -D switch for passwd, but how about
>login passwd change prompt in login time and newkey and chkey ....
>nispasswd changes password and cred information directly and is backward
>compatible with older Solaris releases (whitch do not have rpc.nispasswdd
>daemon ).

So it seems that despite recommendations to the contrary in the passwd
man page, I should use nispasswd instead of passwd -r nisplus, right?
Is there anything other than that nispasswd might not be in the next
release that I should worry about?
 
 
 

NIS+ and passwd/nispasswd commands

Post by Toomas Soo » Thu, 26 Sep 1996 04:00:00



: >Reposting article removed by rogue canceller.


: >: When using passwd (or passwd -r nisplus) to change a user's password,
: >: I am prompted for a login(NIS+) password first, before I am prompted
: >: for the new password.  It seems that I may use either the user's
: >: password or root's password, or my own password if I have modify
: >: rights on the password field in the passwd table (IOW, if I am in the
: >: admin NIS+ group).

: >: Nispasswd, however, does not ask for a password first, but goes right
: >: on into prompting for the new password.

: >main difference is, that passwd -r nisplus uses rpc.nispasswdd daemons
: >interface, thus enabling failed attempts counting. it also makes 'keylogin'
: >in login time password change.

: >but - it, and in fact also newkey, chkey, do not work, if You use multiple
: >passwd tables and cred tables in table search path - in this case these
: >programs try to work as information comes from default passwd|cred table
: >and so they fail... Yes You can use -D switch for passwd, but how about
: >login passwd change prompt in login time and newkey and chkey ....

: >nispasswd changes password and cred information directly and is backward
: >compatible with older Solaris releases (whitch do not have rpc.nispasswdd
: >daemon ).

: So it seems that despite recommendations to the contrary in the passwd
: man page, I should use nispasswd instead of passwd -r nisplus, right?
: Is there anything other than that nispasswd might not be in the next
: release that I should worry about?

Yes You should, BUT only if You are in /etc/passwd and nis+ passwd table,
and You want to change password in NIS+ table....

another case is this foreign domain bug..... this bug affects also
newkey, chkey ....

toomas soome
--
 Redistribution by Microsoft Network is prohibited.
 PGP public key: http://www.cs.ut.ee/~tsoome/pgp.txt

 
 
 

1. rpc.nispasswdd[394]: rpc.nispasswd Error in accessing NIS+ cold start file... is NIS+ installed?.

We get this error message in /var/adm/messages file:

  rpc.nispasswdd[394]: rpc.nispasswd Error in accessing NIS+ cold start
file... is NIS+ installed?.

 We are running Solaris 7.

 We are not running NIS/YP.  I do not see any nis/yp processes running.
 However, I see following when I ran 'rpcinfo -p'.

 rpcinfo -p | grep nis
    100300    3   udp  32772  nisd
    100300    3   tcp  32771  nisd

 I see following in /etc/init.d/rpc file:
   if [ -d /var/nis/data -o -d /var/nis/$hostname ]; then
                        /usr/sbin/rpc.nisd $EMULYP
                        echo " rpc.nisd \c"
                        /usr/sbin/rpc.nispasswdd
   fi

I assume this is why nis processes are being registered with 'rpc'.
/var/nis/data is a blank directory and /var/nis/$hostname directory
does not exist.

I believe I need to move /var/nis/data to /var/nis/data.old and it will
take care of this issue.

Am I correct here or I need to be fixing it different way ?

Thank you all for your help.

2. dial-in: PAP login failure for ... (ppp-2.4.0)

3. NIS+ passwd command yeilds a Couldn't create a D-H key-pair error

4. Driver for Eicon Diehl SCOM ISDN Card ????????????

5. nispasswd & passwd+

6. SPARC Newbie Install Question

7. First login of new user : passwd/nispasswd mismatch

8. Howto forward domain requests tru a firewall?

9. passwd column after NIS+ nispopulate command--huh?

10. Root can't change NIS+ creds using passwd command

11. Problems with nispasswd and passwd -r nisplus

12. passwd command does not update shadow.byname NIS map

13. passwd vs. nispasswd: not even login gets it right