SUMMARY: Changing root password of NIS+ root master server

From: Chris Hines (chris@New.Paramax.COM)
Date: Thu Dec 16 1993 - 08:50:35 CST


The original question:

>Hello Sun managers,
>
>I've been banging my head against this problem for quite a while.
>Every now and then I have a new idea, but when I try it it invariably
>fails.
>
>We have a SparcServer 1000 and several Sparc LX's as clients. We are
>running Solaris 2.2 (with all of the patches thru about a month ago)
>and using NIS+ for user logins.
>
>I can't seem to figure out how to change the root password on the root
>master NIS+ server (the SS1000). I've been through the documentation
>(Answerbook) several times.
>
>Every time I try to change the root password I end up in a situation
>where the NIS+ server cannot be authenticated. The result is that
>users cannot log in to any machine where they don't have a local
>account.
>
>I've tried changing the password while running the NIS+ process at
>security level 0 with no luck. Note that the NIS+ tables DO NOT
>contain a root account (as it should be), and that the problem existed
>both before and after adding a replica server. We have a single NIS+
>domain which is the root domain, and all machines are in that domain.
>
>I'd appreciate either instructions, or a reference to the correct
>documentation (if it exists) that covers this topic. I've been working
>on this problem on and off for the better part of three months. I
>really need to change the root password on our server!

I received several responses ranging from copies of notices from Sun
explaining the correct process to one saying that NIS+ doesn't work on
Solaris 2.2 and I not to use it.

There are two levels of solutions. One is to just change the root
password using the 'passwd' command. This will work without changing
the NIS+ credentials because a copy of root's secret key is kept in
/etc/.rootkey. Using this method it is imperative NOT to change the
key (using chkey for example) because that is what results in the
'unable to authenticate NIS server' errors.

I have tested this solution and it works well. Not to mention that it
is very simple.

The second level of solution is to change the root password and the
NIS+ credentials. The process to do this is rather complicated. I
received at least three responses that had very similar instructions
about doing this, but none of the respondents had tested them
themselves. I have decided to go without chaning the credentials yet.
Since I haven't tested the procedures for doing so, I'll refrain from
reposting them here, but I can forward them to anyone that would like
to see them.

Thanks to everyone that responded:

john.kilheffer@amp.com (John R. Kilheffer)
szgyula@skysrv.pha.jhu.edu (Gyula Szokoly)
ib@cs.uni-kiel.de (Willi Burmeister)
<rogerio@bvl.pt>
ross@bio-medical-physics.aberdeen.ac.uk (Philip Ross)
keie@cs.vu.nl
tkw@babss.basg.COM (Terry White)
David.Miner@East.Sun.COM (Dave Miner)
yves@atlantis.cc.mcgill.ca (Yves LePage)

+-------------------------------------+----------------------------+
| Chris Hines chris@new.paramax.com / If your expecting something |
| Unisys Government Systems Group / clever here, don't hold |
| Newington, VA USA / your breath. |
+---------------------------------+--------------------------------+



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:33 CDT