NIS+ nispasswd root

Post by J » Tue, 01 Aug 1995 04:00:00



How can I change the password of root on a NIS+ master server?
nispasswd gives the following result:
You ( root) do not have secure RPC credentials in NIS+ domain 'aa.bb'

Adding local credentials for root seems to be impossible.

 
 
 


Post by Hendrik Visag » Tue, 01 Aug 1995 04:00:00


: How can I change the password of root on a NIS+ master server?
: nispasswd gives the following result:
: You ( root) do not have secure RPC credentials in NIS+ domain 'aa.bb'

: Adding local credentials for root seems to be impossible.

------
Groetend / Sincerely Yours

Hendrik Visage
#include <Standard/Disclaimer>
Vector Customer Support
+27 11 315 4330


 
 
 


Post by Scott D. MacK » Tue, 01 Aug 1995 04:00:00


This was sent to me in regards to the same question.  I haven't had the time to
try it, so please don't yell if it don't work! :)

Scott

-----------------------------------------------------------------------------
He's not dead,                                        | Scott MacKay

                                                      | Real Time Enterprises
                   - MST3K                            |
                                                      |
-----------------------------------------------------------------------------

INFODOC ID: 2132

SYNOPSIS: change master password without breaking authentication
DETAIL DESCRIPTION:

Proper procedures need to be taken when changing root passwd on
NIS+ server (Master/Replica).

This impacts NIS+ operation under security level 2 (default).

NIS+ requests may fail due to authorization errors if the root
password is changed without following these guidelines.

SOLUTION SUMMARY:

To change the root master's root password and keep NIS+ authorization intact:

        On the root master, kill and restart rpc.nisd at
        security level 0

ps -ef | grep rpc.nisd
kill <pid>
/usr/sbin/rpc.nisd -r -S 0

        on ALL root replicas kill and restart rpc.nisd at
        security level 0

ps -ef | grep rpc.nisd
kill <pid>
/usr/sbin/rpc.nisd -r -S 0

        On the root master, use keylogout to remove root's key

keylogout -f

        on ALL root replicas use keylogout to remove root's key

keylogout -f

        On the root master, change the root password

passwd root
New password:
Re-enter new  password:

        On the root master, change the key

chkey
Updating nisplus publickey database.

Please enter the Secure-RPC password for root:

        On the root master, update the keys for every directory
        in the root domain.

nisupdkeys `nisdefaults -d`
nisupdkeys org_dir.`nisdefaults -d`
nisupdkeys groups_dir.`nisdefaults -d`
        and any other directories that have been created in the
        root domain.

        on ALL root replicas make sure the changes are
        propagated

/usr/lib/nis/nisping -C
/usr/lib/nis/nisping `nisdefaults -d`
/usr/lib/nis/nisping org_dir.`nisdefaults -d`
/usr/lib/nis/nisping groups_dir.`nisdefaults -d`
        and any other directories in the root domain.

        on ALL root replicas keylogin

keylogin

        on ALL root replicas restart nisd at security
        level 2

ps -ef | grep rpc.nisd
kill <pid>
/usr/sbin/rpc.nisd -r -S 2

        On the root master, kill & restart nisd at security
        level 2

ps -ef | grep rpc.nisd
kill <pid>
/usr/sbin/rpc.nisd -r -S 2

PATCH ID: n/a
PRODUCT AREA: n/a
PRODUCT: NIS+
SUNOS RELEASE: 2.3
UNBUNDLED RELEASE: n/a
HARDWARE: All

 
 
 


Post by Francois Sta » Tue, 01 Aug 1995 04:00:00


It kind of depends on what version of Solaris you're running. But
despite all of the horror stories regarding changing the root password
on a NIS+ server, it's rather simple as long as you're using Solaris
2.3 or later.

You just change your password using passwd (you can't use nispasswd as
the root password is not stored in NIS+ itself but in your local
/etc/passwd file). Now, this brings you into a situation where your
login passwd no longer matches the password used for
encrypting your secret key. So, you simply have to re-encrypt your
secret key using the new password. This you do using 'chkey -p'.
Remember to specify the '-p' option, as forgetting that one is rather
problematic. (chkey -p keeps your public and secret key and only
re-encrypts the secret key. chkey without -p causes the creation of
new public and secret keys for root, which may cause quite a bit of
a problem to recover from.)

Now, what if you've changed your root password using passwd and forgot
the 'chkey -p'? What to do now? Well, you just log in as root, perform
a keylogin using your old password, and do the 'chkey -p'.

Let me know whether you have any problems with this procedure.

--
Francois Staes
UNIX Consultant
Eigen Heerdstraat 76
B - 2170 Merksem - Antwerpen
Belgium

Phone: +32/3/6454226

 
 
 


Post by Gary Merinste » Wed, 02 Aug 1995 04:00:00



>How can I change the password of root on a NIS+ master server?
>nispasswd gives the following result:
>You ( root) do not have secure RPC credentials in NIS+ domain 'aa.bb'
>Adding local credentials for root seems to be impossible.

root on the nis master is unauthenticated through the nis tables; it's
authenticated in a round-about way via the /etc/.rootkey. as long as you
don't try to change or delete .rootkey, you should be able to use passwd
root - the credentials for root incorporating /etc/.rootkey should still be
valid.

now for the warning: i know this stuff works 'cause i've done it. i also
prayed and sacrificed at the full moon beforehand...last year i had a sun
rep at my side while we followed "official sun instructions" fresh off the
fax machine. step #1 worked, step #2 broke nis+ so bad that after 4 hours
on the phone with sun, i finally wiped it all, recreated the nisspace from
scratch & reloaded my tables from ascii dumps.

this past may i had to change root on my nis+ master and replicas again
(damn int. auditors!): passwd root worked fine! did i dump my table
entries and structures first? bet your ass i did!

make ascii dumps of your nis+ tables and structures, and store them on disk,
tape, and printout before you start playing with root on the nis+ master!

--

**                        hell will freeze over, and eventually,          **
**       GM151              things will get really interesting..."        **

 
 
 

1. rpc.nispasswdd[394]: rpc.nispasswd Error in accessing NIS+ cold start file... is NIS+ installed?.

We get this error message in /var/adm/messages file:

  rpc.nispasswdd[394]: rpc.nispasswd Error in accessing NIS+ cold start
file... is NIS+ installed?.

 We are running Solaris 7.

 We are not running NIS/YP.  I do not see any nis/yp processes running.
 However, I see the following when I run 'rpcinfo -p'.

 rpcinfo -p | grep nis
    100300    3   udp  32772  nisd
    100300    3   tcp  32771  nisd

 I see the following in the /etc/init.d/rpc file:
   if [ -d /var/nis/data -o -d /var/nis/$hostname ]; then
                        /usr/sbin/rpc.nisd $EMULYP
                        echo " rpc.nisd \c"
                        /usr/sbin/rpc.nispasswdd
   fi

I assume this is why nis processes are being registered with 'rpc'.
/var/nis/data is a blank directory and /var/nis/$hostname directory
does not exist.

I believe I need to move /var/nis/data to /var/nis/data.old and it will
take care of this issue.

Am I correct here, or do I need to fix it a different way?

Thank you all for your help.
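
Added example (not part of the post above and not Solaris's own code): a check that mirrors only the directory test quoted from /etc/init.d/rpc, showing that an empty data directory still satisfies it and that the rename proposed in the post makes that test false. The function name, its arguments, the host name and the temporary tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: mirrors only the directory test quoted from /etc/init.d/rpc.
# Function name, arguments and the temp tree are assumptions for this sketch.

# Prints one of:
#   off    - neither directory exists, so the quoted test is false
#   stale  - a directory exists but is empty; the test is still true
#   server - a directory exists and holds entries
# $1 = directory standing in for /var/nis, $2 = host name
nisd_trigger_state() {
    nis_root=$1
    host=$2
    state=off
    for d in "$nis_root/data" "$nis_root/$host"; do
        [ -d "$d" ] || continue
        if [ -n "$(ls -A "$d" 2>/dev/null)" ]; then
            state=server
            break
        fi
        state=stale
    done
    echo "$state"
}

# Constructed sample tree (not taken from a real host).
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/data"                      # empty, as described in the post
    echo "empty data dir : $(nisd_trigger_state "$root" host1)"
    mv "$root/data" "$root/data.old"        # the rename proposed in the post
    echo "after rename   : $(nisd_trigger_state "$root" host1)"
    mkdir "$root/host1"
    : > "$root/host1/placeholder"           # constructed file name
    echo "populated dir  : $(nisd_trigger_state "$root" host1)"
    rm -rf "$root"
}

demo
```

On a real host the first argument would be /var/nis and the second the host name the init script uses.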
