SUMMARY: 4.1.2 C2 with NIS: password aging does not work

From: Ole Holm Nielsen (ohnielse@ltf.dth.dk)
Date: Mon Oct 19 1992 - 17:46:42 CDT


The original question:

>We have some Suns with SunOS 4.1.2 that run NIS and have C2 security
>enabled. I have installed the C2 Jumbo patch 100564-03 for
>rpc.yppasswdd and rpc.pwdauthd.
>However, with password aging enabled, I cannot change passwords any more,
>either with "passwd -y" or "yppasswd".

The executive summary:
You cannot use password aging with NIS under SunOS 4.X.

More details:

If you use NIS under SunOS 4.X, password aging is terribly broken to
the point where it is essentially useless ! The "passwd -y" or
"yppasswd" do not work, because (at least) the daemon rpc.yppasswdd is
broken. Essentially, rpc.yppasswdd in obtaining the encrypted password
does not strip off the last bytes that pertain to password aging,
but just bombs out with the error message "Bad password in adjunct".
Someone said that Sun "do not support passwd aging with NIS and don't
have plans to in the near future."
Another statement: "Password aging does not work with NIS, C2 or not.
Fixed in Solaris 2.0."

FLAME: What's the point of Sun offering password-aging in SunOS 4.X,
when it's so terribly broken that it won't work under NIS (A flagship
of Sun, remember...) ??? Why will Sun not commit to making a patch
available to rpc.yppasswdd, but just offer the arrogant solution
of upgrading to Solaris 2.0 ???

Thanks to:
dunstan@gec-epl.co.uk (Dunstan_Vavasour)
Poul.Sorensen@nilu.no
Mike Raffety <miker@sbcoc.com>
denise@kokopeli.agps.lanl.gov (Denise Richards)
Mike Raffety <miker@sbcoc.com>

 
Ole Holm Nielsen
UNI-C, Building 305
Technical University of Denmark, DK-2800 Lyngby, Denmark
E-mail: Ole.H.Nielsen@uni-c.dk
Telephone: (+45) 42 88 39 99 (dial-tone) 2404 or 2244



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:52 CDT