SUMMARY: Problems with passwd under Solaris 2.3

From: 0000-Admin0000 (root@infcip42.uni-trier.de)
Date: Thu Jul 14 1994 - 09:18:55 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 66

Dear Sun Managers,

with a great feeling of relief I do return the summary of answers I received
until now (07/15/94 3 pm).
Thanks to all who posted me.

The original question was:

> we've just installed two test-machines (Classic+) as Server and diskless Client,
> both running Solraris 2.3, with NIS+ and almost everything works quite all right.
> The only exeptions are
>
> 1. Users can't change their password although we made a link from
> nispasswd to passwd. Further we tried with the hints from the
> Installation manual, keylogin, using nispasswd, chkey. No solution,
> Anytime a user tries to passwd he will be asked for the old password,
> the new password and then the NIS+ Service replies
> "NIS+ password information changed for greiml
> nispasswd: couldn't change password for greiml
> Reason: failed to update the cred table with reencrypted credentials
> Please notify your System Administrator."
> As we are the System Adminitrators and do not know how to handle this
> Problem, we are in a really dump situation.
> Is there anyone out there with help for us?
>
> 2. Every time the one of the machines is rebooted it complains about
> unknown services rquotad/rpc/udp
> rquotad/rpc/ticlts
> rusersd/rpc/udp
> rusersd/rpc/ticlts
> sprayd/rpc/udp
> sprayd/rcp/ticlts
> walld/rpc/udp
> walld/rpc/ticlts
> rstatd/rpc/udp
> rstatd/rpc/ticlts
> How can we get rid of these anoying messages?

1. The Problem was, as most of You told me a Problem of the right credentials.
   Clients weren't handed the right credentials by Admitool.
   It happened because of the missing of Patches 101329 and 101384, which I
   installed right afterwards.
   The problem was, that Admintool did not create the right entries in the cred
   table, which usually does not affect root (living in /etc/passwd even on the
   clients).
   Christian Masopust and Steve Kilbane send a tool to restore wrong credentials
   which will we an addendum to this Summary.
         Thanks again.

2. I simply didn't know of the necessaty to update even the rpc table.
After 'nisaddent -v -f /etc/rpc rpc' everything was o.k.

Answers from: bartole@crpcu.lu (Emile Bartole)
              gusset@info.ntb.ch (Thomas Gusset)
              Todd Gudgel <centaur@plutonium.sem.Arizona.EDU>
              steve@cegelecproj.co.uk (Steve_Kilbane)
              Neil W Rickert <rickert@cs.niu.edu>
              ratinox@unilab.dfci.harvard.edu (Richard Pieri)
              danny@ews7.dseg.ti.com (Danny Johnson)
              Christian.Masopust@emndev.siemens.co.at

Alexander
----------
X-Sun-Data-Type: shell-script
X-Sun-Data-Name: set_cred_rights
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 15

#!/bin/sh
#
# change the user's credential ownership to him
# from harper@suny.stat.vt.edu (Scott Harper)
# 3374CB / 15.3.94
#
#
niscat cred.org_dir | \
awk -F: '{print $1}' - | \
sh -c 'while read name; do nischown $name [cname=$name],cred.org_dir; done'

--
  Christian Masopust                               |    _    |
  Siemens AG Austria                              _|___/v\___|_ 
  Christian.Masopust@emndev.siemens.co.at    -====(~)=(.*.)=(~)====-
  Phone/Fax: +43-1-2501-4516 / 4485                    `-'           
----------
X-Sun-Data-Type: default-app
X-Sun-Data-Description: default
X-Sun-Data-Name: credential-fix.ksh
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 60
#!/bin/ksh
#From Ian.Herd%sun-microsystems.co.uk@gec-epl.co.uk Mon Jan 31 17:40 GMT 1994
#Date: Mon, 31 Jan 1994 17:31:39 +0000
#From: Ian.Herd%sun-microsystems.co.uk@gec-epl.co.uk (Ian Herd - Sun UK - Answer Centre)
#To: ian.herd@sun-microsystems.co.uk, steve_kilbane@gec-epl.co.uk
#Subject: credential fix script
# ******************************************************
# *                                                    *
# *                    DISCLAIMER                      *
# *                                                    *
# ******************************************************
# 
# 
# The contents of this file  are intended to  be read as
# an example.  This  is not  a  supported product of Sun
# Microsystems  and  no hotline calls  will  be accepted
# which directly relate to this information.
# 
# NO LIABILITY WILL BE  ACCEPTED BY SUN MICROSYSTEMS FOR
# ANY LOSS (DIRECT OR CONSEQUENTIAL) INCURRED IN ANY WAY
# BY ANY PARTY THROUGH THE USE OF THIS INFORMATION.
# 
# NO WARRANTY  OF  ANY SORT  IS IMPLIED OR GIVEN FOR ANY
# CODE DERIVED FROM THIS INFORMATION.
# 
# 
#
DOMAINNAME=$(nisdefaults -d)
fix_cred()
{
    IFS=": $IFS"
    while read cname auth_type auth_name public_data private_data
    do
	if is_owner $cname
	then
	    :
	else
	    nischown  $cname [cname=$cname,auth_type=DES]cred.org_dir.$DOMAINNAME 
	fi
    done
}
is_owner()
{
    owner=$(nismatch -o cname=$1 auth_type=DES cred.org_dir.$DOMAINNAME |\
	awk '{ if ( $1 == "Owner" ) { print $3 }}' )
    if [ "$1" = "${owner}" ]
    then
	return 0
    fi
    return 1
}
nismatch auth_type=DES cred.org_dir.${DOMAINNAME} | fix_cred
exit

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:05 CDT