Many thanks to all that responded about changing
a users password under NIS/YP.
Yes its true that the superuser can not change the users
account password using yppasswd without knowing the
old password.
Some DEC support people said they have not seen any
version of yppasswd that would allow this.
Mainly because of some license issue with Sun Microsystems,
some code in the yp software can not be changed.
One user did report that AIX allows the superuser
to change passwords without knowing the old passwd.
As it turned out, the problem was a little deeper than
originally stated! I could not change the users account
by editing the /yp/src/passwd file, then make passwd, then
doing a yppasswd username. 6.5 hours after logging a call
with CSC, the answer from DEC was,
"I messed around and finally it started working".
I setup NIS server and client software after the systems had
been running for several months. All the client systems had
been using the regular /etc/passwd file. Somewhere, sometime
the clients created /etc/passwd.dir and /etc/passwd.pag files.
These files are like "hashed versions of the /etc/passwd file".
If these files exist and contain the users name that might be
trying to login, they are used to authenticate the user,
rpc.yppasswdd never comes into play. Now I remember reading
about cleaning up the /etc/passwd files on the NIS clients and only
leaving the root account (did that), but I don't think the book said
anything about these .dir and .pag files! My question to the DEC support
people was; "Should NISSETUP be responsible for closing
security holes like this". They argued, "NIS has nothing to do with
/etc/passwd". Anyway, chalk another one up to not knowing
every damn detail about UNIX.
Again thanks for all the support, you people are great!
PS
I received 6 listserver responses within the 5.5 hours it took DEC to
respond to my call.
Marc Cozzi
Univ. of Notre Dame cozzi_at_nd.edu
Received on Mon Jun 12 1995 - 17:31:51 NZST