Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!newsfeed.internetmci.com!news.msfc.nasa.gov!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: strange NIS/YP problem
Date: 29 Aug 1995 14:37:49 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 85
Message-ID: <41v8nt$h9t@sol.ctr.columbia.edu>
References: <41ug57$1ft@buffnet2.buffnet.net>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]
Daring to challenge the will of the almighty Leviam00se,
Superuser (root@buffnet.net) had the courage to say:
: I set up a freebsd to act as a nis client of an SCO machine.
I didn't know SCO had NIS... learn something new every day, I guess.
: I can pull the passwd.byname and byuid files fine.
: If I NFS mount a volume of the SCO and do a 'ls -l' I can see the userids
: that own each file so I know the reverse lookup is working.
: If I do ypmatch userid passwd it shows me the correct line.
: But Ill be darned if a remove user can login.
: I put +::::::::: in /etc/master.passwd
: I did a chpass on a local user to get all the files created and in sync
^^^^^^
Chpass doesn't know about NIS in 2.0.5. You'll have to explain to
me exactly what you were trying to do with this step.
: I modified login.c to show me what password string it pulled (ep) and the
: encrypted entered one (pw->passwd) - the encrypted entered one is fine -
: ep shows as just ':'.
I think you've got it backwards. pwd->pw_passwd is the password
extracted from the password database (in this case NIS). ep is the
encrypted password generated from what the user enters at the 'Password:'
prompt. You may not be looking for ep at the right place (you have to wait
until crypt() or skey_crypt() is called to do the encryption before
you can examine the result).
You don't normally need to go hacking login to see what's going on
inside the getpwent(3) functions. I use a test program like this:
#include <stdio.h>
#include <pwd.h>
main()
{
struct passwd *pw;
if ((pw = getpwnam("someuser")) == NULL) {
perror("getpwnam");
} else
printf ("NAME: [%s] PASS: [%s] UID: [%d] GID: [%d] SHELL: [%s]\n",
pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, pw->pw_shell);
}
Replace "someuser" with a username on your system and it'll show you
what it thinks is the correct information for that user. (Note that
there are other fields you can look at, but this shows you all the really
important ones.)
: Im really stumped = One thing I note from the ypmatch userid passwd is
: that SCO sticks some junk at the end of the password field - a ,..DI or
: something close to that.
Well, lookit: FreeBSD doesn't know about that 'extra junk'. It expects
encrypted DES passwords to be 13 characters long (11 characters of
cipherjunk plus two characters of salt). If SCO's passwords are 13 characters
plus some stuff appended to the end, then you'll simply never get a
match.
: Any ideas?
I don't know what this ",..DI" information could be (though I suspect
is has something to do with password aging) but if you can get the
SCO machine to stop using it, then do so. It would also help if you
could show a sample of what you mean. I'm not asking for an actual
entry from your password file; just make up a dummy one that shows
the extra characters you're talking about.
I'm curious: does this SCO NIS server have any other non-SCO clients?
If so, do they work?
-Bill
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~T~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Bill Paul (212) 854-6020 | System Manager
Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Møøse Illuminati: ignore it and be confused, or join it and be confusing!
~~~~~~ "Welcome to All Things BSDish! If it's not BSDish, it's crap!" ~~~~~~~